Survey Security

Ask about a PHP problem here.
Post Reply
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Survey Security

Post by ExtremeGaming »

I am making a survey feature for my website. Nothing is wrong with the current security (that I know of :s) I was actually wondering what I could do to improve the security. Sorry for the lack of organization I have no code editor on this computer.

survey.php
<?php
require('check/ip_check.php');
if($id == "1") {
if($ip_check != "0") {
?>
<p>You have already taken this survey.  Please choose another.</p>
<?php
}
else {
?>
<form action="submit/submit_survey.php?id=1" method="post">
<p>In this survey we will ask you a series of 5 questions involving the subject "blah".  Please answer all questions honestly as they will effect the future of the site.</p>
<p> </p>
<p>* = Required</p>
<p> </p>
<p>* 1. blah blah blah</p>
<p><input type="radio" name="agree" value="Yes" /> Yes</p>
<p><input type="radio" name="agree" value="No" /> No</p>
<p> </p>
<p>* 2. blah blah blah</p>
<p><a href="example/placement1.php" target="_blank">Link 1</a></p>
<p><a href="example/placement2.php" target="_blank">Link 2</a></p>
<p> </p>
<p><textarea maxlength="250" name="placement" cols="25" rows="5"></textarea></p>
<p> </p>
<p>* 3. blah blah blah</p>
<p><input type="radio" name="different_location" value="Yes" /> Yes</p>
<p><input type="radio" name="different_location" value="No" /> No</p>
<p> </p>
<p>4. blah blah blah</p>
<p> </p>
<p><textarea maxlength="250" name="location" cols="25" rows="5"></textarea></p>
<p> </p>
<p>5. blah blah blah</p>
<p> </p>
<p><textarea maxlength="250" name="other_locations" cols="25" rows="5"></textarea></p>
<p> </p>
<p><input type="submit" value="Submit"></p>
</form>
<?php
}
}else {
?>
<p>No survey selected.  Please <a href='index.php'>click here</a> to choose a survey.</p>
<?php
}
?>
submit_survey.php
<?php			
require('check/ip_check.php');			
if($id == "1"){
if($ip_check != "0") {
echo "<p>Error: You have already taken this survey.<br>";
echo "<a href='../index.php'>Back</a></p>";
die;
}
else {
if($_POST['agree'] == "Yes") {
}
else if($_POST['agree'] == "No") {
}
else {
echo "<p>Error: Please select an answer for question 1<br>";
echo "<a href='../survey.php?id=1'>Back</a></p>";
die;
}
if($_POST['placement'] == "") {
echo "<p>Error: Please enter text for question 2<br>";
echo "<a href='../survey.php?id=1'>Back</a></p>";
die;
}
if($_POST['different_location'] == "Yes") {
if($_POST['location'] == ""){
echo "<p>Error: It seems you selected yes for question 3.  Please enter text for question 4.<br>";
echo "<a href='../survey.php?id=1'>Back</a></p>";
die;
}
}
else if($_POST['different_location'] == "No") {
}
else {
echo "<p>Error: Please select an answer for question 3<br>";
echo "<a href='../survey.php?id=1'>Back</a></p>";
die;
}
include('add_survey1.php');
}
}
else {
echo "Error: Invalid survey id";
}

?>
Both ip_check.php (One for selecting survey, other for if a user were to make their own form and submit)
<?php
session_start();

require('../config.php');

$ip = $_SERVER['REMOTE_ADDR'];

include('connection.php');

$getid = mysql_real_escape_string($_GET['id']);

$sql ="SELECT * FROM Survey_Responses WHERE `ip` = '$ip' AND `id` = '$getid'";

$result = @mysql_query($sql, $connection) or die(mysql_error());

$ip_check = mysql_num_rows($result);
?>
add_survey1.php
<?php
session_start();

require('../config.php');
include('connection.php');

$ip = $_SERVER['REMOTE_ADDR'];

$question1 = htmlentities($_POST['agree'], ENT_QUOTES);
$question1 = mysql_real_escape_string($question1);

$question2 = htmlentities($_POST['placement'], ENT_QUOTES);
$question2 = mysql_real_escape_string($question2);

$question3 = htmlentities($_POST['different_location'], ENT_QUOTES);
$question3 = mysql_real_escape_string($question3);

$question4 = htmlentities($_POST['location'], ENT_QUOTES);
$question4 = mysql_real_escape_string($question4);

$question5 = htmlentities($_POST['other_locations'], ENT_QUOTES);
$question5 = mysql_real_escape_string($question5);

$sql ="INSERT INTO Survey_Responses VALUES('1', '$question1', '$question2', '$question3', '$question4', '$question5', '$ip')";

$result = @mysql_query($sql, $connection) or die(mysql_error());

echo "Thank you for taking our survey.  Your answers have been successfully recorded.";

?>
Any help would be appreciated :)
<?php while(!$succeed = try()); ?>
wrichards8
Posts: 66
Joined: Thu Jan 12, 2012 3:54 pm
Contact:

Re: Survey Security

Post by wrichards8 »

Hmm... it seems OK however, for each question you're giving users a choice, I would put each choice in an array and check against that because someone could easily view the forms' source, inject their own string, and submit the form. If you put all possible allowable answers in an array, this cannot happen (will return an error). Apart from that I'm not sure
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Survey Security

Post by jacek »

Are there actually varying levels of security ? I see it as more of an absolute state, your code can either be exploited or it can't. For somethign this simple all you would really need to worry about is SQL injection, and you have that covered :)
Image
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: Survey Security

Post by ExtremeGaming »

Thank you :)
<?php while(!$succeed = try()); ?>
Post Reply