Too scared to post in Code Critique

lcook

Okay, after a week or two of reading/testing/retesting, I finally got the user submission pages of my site to work, but I'm 99.9% certain they can be improved. Please (gently) inform me what you would do to make them better. Security wasn't my highest priority when writing this all, as there is no super-sensitive information being stored here, but I would like to immunize my database from being destroyed.

Don't worry about writing a manifesto - you can simply point me to a reference if that is easier. 🙂

Thanks!

The design is to have one page where username/password and demographics are entered, then the next page three files are uploaded, in addition to a few more dates/qualifications relevant to the course they want to take. The code I'm posting is the upload page: (I utilized Dreamweaver, quite heavily)

<?php
require_once('connectfile.php');
session_start();

if (isset($_POST['MM_insert'])) {
	$upload_error_codes=array("",
		"The uploaded file exceeds the upload_max_filesize directive in php.ini.","",
		"The uploaded file was only partially uploaded.",
		"No file was uploaded.","Missing a temporary folder.",
		"Failed to write file to disk.","File upload stopped by extension.");
	$allowed_ext_string="";
	$allowed_extensions=explode(",",$allowed_ext_string);
	$upload_status = "";
	$allowed_size =  2+0;
	$success_page = "";
	$thumbs_dir = "";
	$resize_image = "";
	$resize_width = +0;
	$resize_height = +0;
	$thumb_width = +0;
	$thumb_height = +0;		
	$make_thumbs = "";
	$thumb_prefix = "";
	$thumb_suffix = "";
	$file_suffix = "";
	$append_date_stamp = "1";
	$date_stamp=($append_date_stamp=="1")?date(time()):"";
	$haulted = false;
	$upload_folder="../uploads";
	//Check for restrictions
	//Check if upload folder exists
	if(!file_exists($upload_folder)){die("Upload folder doesn't exist");}
	if(!is_writable($upload_folder)){die("Upload folder is not writable");}
	if($make_thumbs == "yes" && !file_exists($thumbs_dir)){die("Thumbnails folder doesn't exist");}
	if($make_thumbs == "yes" && !is_writable($thumbs_dir)){die("Thumbnails folder is not writable");}
	foreach($_FILES as $files => $_file){
		//Check if it's not empty
		if($_file['name']!=""){
			$pathinfo = pathinfo($_file['name']);
			//If allowed extension or no extension restriction
			if(!in_array(strtolower($pathinfo['extension']),$allowed_extensions) && $allowed_ext_string!=""){
				die(strtoupper($pathinfo['extension'])." files are not allowed.
				<br>No files have been uploaded.");
			}
			if($_file['size']>$allowed_size*1048576 && $allowed_size!=0){
				die("The file size of ".basename($_file['name'])." is ".round($_file['size']/1048576,2)."MB,
				which is larger than allowed ".$allowed_size."MB.<br>No files have been uploaded.");
			}		
		}
	}
	$count = 1;
	//All checks passed, attempt to upload
	foreach($_FILES as $files => $_file){
		//Check if it's not empty
		if($_file['name']!=""){
			$pathinfo = pathinfo($_file['name']);
			$file_name_array = explode(".", basename($_file['name']));
			$filename = $file_name_array[count($file_name_array)-2];
			$target = $upload_folder;
			$file_uploaded = false;

		$file_prefix = "";
			  if($count==1)
  { $file_prefix = "pp1";
  }elseif($count==2)
  { $file_prefix = "pp2";
  }
  elseif($count==3)
  { $file_prefix = "cert";
  }

		$target = $target."/".$file_prefix.$filename.$file_suffix.$date_stamp.".".$pathinfo['extension'];
		//if image
		if(strtolower($pathinfo['extension'])=="jpeg" || strtolower($pathinfo['extension'])=="jpg"){

			if(move_uploaded_file($_file['tmp_name'], $target)){
				//$upload_status=$upload_status.basename($_file['name'])." was uploaded successfully.<br>";
			//$upload_status=$upload_status.basename($_file['name'])." was successfully resized.<br>";
mysql_select_db($database_connect, $connect);
$file_uploaded=true;
					   $insertSQL = sprintf("INSERT INTO quals (username, cid, type, passportnum, datequal, dateemployed, datehundred) VALUES (%s,%s,%s,%s,%s,%s,%s)",
                       GetSQLValueString($_SESSION['MM_Username'], "text"),
					   GetSQLValueString("ADS", "text"),
					   GetSQLValueString($_POST['type'], "text"),
                       GetSQLValueString($_POST['passportnum'], "int"),
					   GetSQLValueString($_POST['datequal'], "date"),
					   GetSQLValueString($_POST['dateemployed'], "date"),
                       GetSQLValueString($_POST['datehundredthdive'], "date"));

  $Result1 = mysql_query($insertSQL, $connect) or die(mysql_error());

  if($Result1)
  {
	  $ftype="";
	  /*if($_files['passport_1'])
	  { $ftype = "pp1";
	  }elseif($_files['passport_2'])
	  { $ftype = "pp2";
	  }
	  elseif($_files['surfacecert'])
	  { $ftype = "cert";
	  }*/
	  if($count==1)
	  { $ftype = "pp1";
	  }elseif($count==2)
	  { $ftype = "pp2";
	  }
	  elseif($count==3)
	  { $ftype = "cert";
	  }

  $insertSQL2 = sprintf("INSERT INTO files (`username`,`ftid`,`path`) VALUES (%s,%s,%s)",
                   GetSQLValueString($_SESSION['MM_Username'], "text"),
				   GetSQLValueString($ftype, "text"),
				   GetSQLValueString($target, "text"));
  $Result2 = mysql_query($insertSQL2, $connect) or die(mysql_error());

  if($Result2)
  {
	$count = $count + 1;  
  }
  } 
				}else{
					$haulted=true;
					break;
				}
			}
			else
			{
				echo "Please Upload A .jpeg image.";
			}
			//Cleanup
			if(isset($src)){imagedestroy($src);unset($src);}
			if(isset($tmp)){imagedestroy($tmp);unset($tmp);}
			if($haulted){die($upload_status."There was a problem uploading ". basename($_file['name']).".
						Error: ".$upload_error_codes[basename($_file['error'])].". Upload was interrupted.<br>");}
		}
	}

if((!$haulted)){
echo "Thank you, your information has been submitted!";

}


}



//-------------
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
?>