diff --git a/LUA/TFS_10/talkaction report system/adminreport.lua b/LUA/TFS_10/talkaction report system/adminreport.lua
index 43c9b16..b4777ac 100644
--- a/LUA/TFS_10/talkaction report system/adminreport.lua
+++ b/LUA/TFS_10/talkaction report system/adminreport.lua
@@ -10,7 +10,7 @@ function onSay(cid, words, param, channel)
 end
 if player:getStorageValue(storage) <= os.time() then
 player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!")
- db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , '" .. player:getName() .. "', '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
+ db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , " .. db.escapeString(player:getName()) .. ", '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
 player:setStorageValue(storage, os.time() + delaytime)
 else
 player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have to wait " .. player:getStorageValue(storage) - os.time() .. " seconds to report again.")
diff --git a/admin_reports.php b/admin_reports.php
index 1f735e7..2185b95 100644
--- a/admin_reports.php
+++ b/admin_reports.php
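Review bot: In adminreport.lua the result of `db.query` is never checked, and the "Your report has been received successfully!" message is sent before the INSERT even runs, so a failed insert still confirms the report and starts the cooldown. Assuming `db.query` returns a success flag, wrap the confirmation and `player:setStorageValue(storage, os.time() + delaytime)` in `if db.query(...) then` and send a failure message otherwise. With the name now passed through `db.escapeString`, the only values still concatenated raw are the position fields and `os.time()`, which are server-generated numbers. The body of onSay starts and ends outside the hunk, so any length limit on `param` is not visible here and should be confirmed.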
@@ -41,9 +41,9 @@ if (!empty($_POST)) {
 $customPoints = getValue($_POST['customPoints']);
 $reportId = getValue($_POST['id']);
- $changelogReportId = &$_POST['changelogReportId'];
+ $changelogReportId = (int)$_POST['changelogReportId'];
 $changelogValue = &$_POST['changelogValue'];
- $changelogText = &$_POST['changelogText'];
+ $changelogText = getValue($_POST['changelogText']);
 $changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false;
 if ($customPoints !== false) $price = (int)($price + $customPoints);
diff --git a/changepassword.php b/changepassword.php
index 0027d5c..8c698ec 100644
--- a/changepassword.php
+++ b/changepassword.php
@@ -29,8 +29,8 @@ if (empty($_POST) === false) {
 $errors[] = 'Your new passwords do not match.';
 } else if (strlen($_POST['new_password']) < 6) {
 $errors[] = 'Your new passwords must be at least 6 characters.';
- } else if (strlen($_POST['new_password']) > 32) {
- $errors[] = 'Your new passwords must be less than 33 characters.';
+ } else if (strlen($_POST['new_password']) > 100) {
+ $errors[] = 'Your new passwords must be less than 100 characters.';
 }
 } else {
 $errors[] = 'Your current password is incorrect.';
diff --git a/engine/function/users.php b/engine/function/users.php
index ac1571c..cb84607 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -1233,7 +1233,7 @@ function user_count_accounts() {
 */
 function user_character_data($user_id) {
 $data = array();
- $user_id = sanitize($user_id);
+ $user_id = (int)$user_id;
 $func_num_args = func_num_args();
 $func_get_args = func_get_args();
 if ($func_num_args > 1) {
diff --git a/ipn.php b/ipn.php
index 2ffb09f..b53f473 100644
--- a/ipn.php
+++ b/ipn.php
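Review bot: In admin_reports.php the `$changelogReportId !== false` test inside `$changelogStatus` is always true once the value is cast with `(int)`, so a missing or non-numeric `changelogReportId` passes through as `0`. Reading the unset key directly also raises an undefined-index notice that the old reference assignment did not. Keep the absent case distinct with `$changelogReportId = isset($_POST['changelogReportId']) ? (int)$_POST['changelogReportId'] : false;` and require `$changelogReportId > 0` in the status expression. `$changelogValue` is still a raw reference into `$_POST`, which is harmless only while it is compared against `'2'` and nothing else; the code that uses these values lies outside the hunk.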
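Review bot: In changepassword.php the new limit and its message disagree: `> 100` accepts a 100-character password while the text says "less than 100 characters" (the old pair, `> 32` with "less than 33", was consistent). Change the message to `'Your new passwords must be at most 100 characters.'` or use "less than 101". The same mismatch appears in the `strlen($_POST['password']) > 100` check visible at the end of this page. `strlen` counts bytes, and whether 100 bytes fits the password hashing scheme and the column width is not visible in this diff, so that should be confirmed before raising the cap.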
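Review bot: In engine/function/users.php the cast protects only `$user_id`; the extra arguments collected by `func_get_args()` on the following lines are presumably turned into column names for the query. That part of user_character_data is outside the hunk, so confirm those names are checked against an allow-list or only ever passed as literals by callers. A non-numeric id now silently becomes `0`, so a guard such as `if ($user_id <= 0) return $data;` would skip a pointless query, provided an empty array is an acceptable result for callers. The docblock above the function should state that `$user_id` is treated as an integer and that the field-name arguments must be trusted identifiers.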
@@ -1,4 +1,7 @@ 33) { - $errors[] = 'Your password must be less than 33 characters.'; + if (strlen($_POST['password']) > 100) { + $errors[] = 'Your password must be less than 100 characters.'; } if ($_POST['password'] !== $_POST['password_again']) { $errors[] = 'Your passwords do not match.';