Hi, I have just created a script which has gone through one round of beta testing and needs a second before I launch it. The person(s) need to be experienced in PHP, as I am looking at security and potential risks/issues of the script from a programming point of view. If you wish to test this script please contact me via PM and I will send you the instructions. The only thing I ask is that the test is completed within 2 days, as I am on a deadline; for doing so you will get the script for free. Cheers, Adam
I didn't go through all of the code yet, but I've seen you left quite a lot of SQL injection security holes. Also, the function that verifies if the admin is logged in still has the same problem as before. Re-read my mail carefully and take care of all issues, especially the last one.

You could put something like this in init.php. This would automatically add slashes to all user-defined variables to prevent SQL injections.

```php
// Escape every string in $_GET, $_POST and $_COOKIE before it can reach a query.
function real_escape_array(&$array)
{
    static $func, $magic_quotes;

    // Prefer mysql_real_escape_string, which needs an open connection
    // (checked with mysql_ping); otherwise fall back to mysql_escape_string.
    if (!isset($func)) {
        $func = (@mysql_ping() && function_exists('mysql_real_escape_string'))
            ? 'mysql_real_escape_string'
            : 'mysql_escape_string';
    }

    // If magic_quotes_gpc already added slashes, strip them first so the
    // value is not escaped twice.
    if (!isset($magic_quotes)) {
        $magic_quotes = get_magic_quotes_gpc();
    }

    // Recurse so nested arrays (e.g. $_POST['items'][]) are escaped as well.
    if (is_array($array)) {
        foreach ($array as &$value) {
            real_escape_array($value);
        }
        unset($value);
        return;
    }

    if ($magic_quotes) {
        $array = stripslashes($array);
    }
    $array = $func($array);
}

real_escape_array($_GET);
real_escape_array($_POST);
real_escape_array($_COOKIE);
```

It's just a lazy workaround though. You should check every variable for the right content before putting it into query strings, etc.
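As an added example (not code from this thread or from Adam's script), here is what "checking every variable for the right content" looks like next to the concatenated query it replaces. It swaps the thread's mysql_* functions for PDO with an in-memory SQLite database so it runs stand-alone; the `users` table, the column names, the sample rows, the username policy and the function names are all constructed for this demo.

```php
<?php
// Added example: validate input and use a prepared statement instead of
// relying on escaping alone. Everything below (table, rows, policy) is
// constructed for the demo and is not part of the original thread.

function fetch_user_vulnerable(PDO $db, $username)
{
    // The 'before': user input is concatenated into the query, so a quote
    // in $username changes the SQL unless escaping was applied correctly
    // everywhere, every time.
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function is_valid_username($username)
{
    // Check the content, not just the quoting. Assumed policy: 3-32
    // characters of letters, digits or underscores.
    return is_string($username)
        && preg_match('/^[A-Za-z0-9_]{3,32}$/', $username) === 1;
}

function fetch_user_safe(PDO $db, $username)
{
    if (!is_valid_username($username)) {
        return array();   // reject bad input rather than trying to "fix" it
    }
    // Parameterised query: the value travels separately from the SQL text,
    // so it can never be interpreted as part of the statement.
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute(array(':name' => $username));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- constructed demo data and a quick self-check ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('adam'), ('nico')");

$normal  = 'adam';
$hostile = "x' OR '1'='1";   // constructed input that breaks out of the quotes

printf("vulnerable, normal input : %d row(s)\n", count(fetch_user_vulnerable($db, $normal)));
printf("vulnerable, hostile input: %d row(s)\n", count(fetch_user_vulnerable($db, $hostile)));
printf("safe, normal input       : %d row(s)\n", count(fetch_user_safe($db, $normal)));
printf("safe, hostile input      : %d row(s)\n", count(fetch_user_safe($db, $hostile)));
```

Run it with `php example.php` (PDO's sqlite driver is needed). The concatenated query returns one row for the normal input but every row for the hostile one, while the validated, parameterised version returns the one matching row for the normal input and nothing for the hostile one, because the whitelist rejects it before any SQL is built. The escaping helper above still has a place as a safety net, but the validation plus prepared statement is the check nico is asking for on each variable.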
Cheers Nico, I tried to go through your list as best I can but obviously still have quite a bit to learn.