[RELEASE] Secure PHP Web Registration Script

11/06/2011 00:31 JohnHeatz#166
What is the specific error that you are getting?
11/06/2011 16:30 PrinciCh#167
Hi, so I made a register script, and when someone creates an account on the web (i.e. a game account), RowID and UserUid in user_master come out NULL and I can't log in in the game. So what am I doing wrong? I need help, I can't get any further.

More precisely: when I register on the web, in User_Master both RowID and UserUid are NULL and I can't get into the game. So how do I get it to run correctly, please? Thanks.
11/06/2011 17:58 benoli105#168
Can someone explain in detail what we have to do, please? Or make a little quick video tutorial explaining what to do with those scripts, please.
11/06/2011 18:29 JohnHeatz#169
Change whatever is needed to make them fit your server (IP, DBUser, DBPw...) and put them into the "www" folder of your WAMP/XAMPP.
11/06/2011 18:48 mendi1#170
Help for register script
11/13/2011 00:39 benoli105#171
Please, can anyone help me? I get this error: You must have the php_mssql library for Apache installed and enabled to connect to an MSSQL database. Uncomment the line that says extension=php_mssql.dll in your php.ini (XAMPP/WAMP only). This requires a restart of the Apache service to take effect.
11/13/2011 00:49 JohnHeatz#172
Look for the php_mssql.dll line in your php.ini (XAMPP/WAMP) and uncomment it (delete the ; at the beginning of the line), then restart your XAMPP/WAMP.
11/13/2011 01:16 benoli105#173
OK, thank you very much. When I do that and restart, I'm unable to start Apache :s
11/17/2011 00:42 benoli105#174
Thank you very much abrasive, I got it to work <3 :DD
11/28/2011 05:09 mendi1#175
Help for ROWID

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<!-- *META* -->
<!-- rss_menu meta -->
</head>
<body>
<div id="bv_Html1" style="position:absolute;left:0px;top:0px;width:450px;height:150px;z-index:0;" align="left">
<?php
require_once('recaptchalib.config.php');
require_once('recaptchalib.php');
require_once('db.config.php');

$user_ip   = $_SERVER['REMOTE_ADDR'];
// Only trim here. The user name is checked to be alphanumeric before it reaches
// a query, and the password is escaped where the INSERT is built.
$username  = isset($_POST['username'])  ? trim($_POST['username'])  : '';
$password  = isset($_POST['password'])  ? trim($_POST['password'])  : '';
$password2 = isset($_POST['password2']) ? trim($_POST['password2']) : '';
$errors  = array();
$success = false;
if(!empty($_POST)){
    require_once('db.php'); // must set $conn, the odbc_connect() handle

    // Validate user name format first; only a clean name is used in the lookup.
    if($username === ''){
        $errors[] = 'Please provide a user name.';
    }else if(strlen($username) < 3 || strlen($username) > 16){
        $errors[] = 'User name must be between 3 and 16 characters in length.';
    }else if(ctype_alnum($username) === false){
        $errors[] = 'User name must consist of numbers and letters only.';
    }else{
        $result = odbc_exec($conn,"SELECT UserID FROM PS_UserData.dbo.Users_Master WHERE UserID = '{$username}'")
            or die('Failed to verify whether the provided user name already exists.');
        // odbc_num_rows() returns -1 after a SELECT with many drivers, so fetch a row instead.
        if(odbc_fetch_row($result)){
            $errors[] = 'User name already exists, please choose a different user name.';
        }
    }
    // Validate user password.
    if($password === ''){
        $errors[] = 'Please provide a password.';
    }else if(strlen($password) < 3 || strlen($password) > 16){
        $errors[] = 'Password must be between 3 and 16 characters in length.';
    }else if($password !== $password2){
        $errors[] = 'Passwords do not match.';
    }
    // Validate reCAPTCHA. This is to prevent someone botting account creation.
    $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
    $answer    = isset($_POST['recaptcha_response_field'])  ? $_POST['recaptcha_response_field']  : '';
    $response  = recaptcha_check_answer($recaptcha_private_key,$user_ip,$challenge,$answer);
    if(!$response->is_valid){
        if($response->error == 'incorrect-captcha-sol'){
            $errors['recaptcha'] = 'Incorrect answer to reCAPTCHA';
        }else{
            $errors['recaptcha'] = $response->error;
        }
    }
    // Persist the new account to the database if no previous errors occurred.
    if(count($errors) == 0){
        // RowID and UserUID are deliberately not listed: SQL Server fills them
        // only if they are IDENTITY columns, otherwise they end up NULL.
        $pw  = str_replace("'", "''", $password); // T-SQL literal escaping: double the quote
        $sql = "INSERT INTO PS_UserData.dbo.Users_Master
            (UserID,Pw,JoinDate,Admin,AdminLevel,UseQueue,Status,Leave,LeaveDate,UserType,Point,EnPassword,UserIp)
            VALUES ('{$username}','{$pw}',GETDATE(),0,0,0,0,0,GETDATE(),'N',0,'','{$user_ip}')";
        // Remove the @ symbol here to see what the SQL error message is when running the above query in $sql.
        if($result = @odbc_exec($conn,$sql)){
            $success = "Account {$username} successfully created!";
        }else{
            // This means the insert statement is probably not valid for your database. Fix the query or fix your database, your choice ;)
            $errors[] = 'Failed to create a new account, please try again later';
        }
    }
}
// Determine which view to show.
if($success === false){
    require_once('register.view.php');
}else{
    require_once('success.view.php');
}
?>
</div>
</body>
</html>
11/29/2011 00:07 JohnHeatz#176
If you, perhaps, give more information about what the problem is, something more explained than "Help for RowID" it would be possible to help
12/02/2011 21:48 ·Tyler·#177
Quote:
Originally Posted by abrasive
Ideally your UserUID column in the table PS_UserData.dbo.Users_Master should be set to auto-increment. If this is not the case, you will need to adjust this script, or ideally fix your database, to accommodate this.
mendi1,

This is most likely the solution to your problem.

Tyler
12/27/2011 15:21 Seyyah46#178
If you need help and your problem is

Quote:
Failed to create a new account, please try again later

1. Right-click on the Users_Master table and select Design.
2. Highlight RowID, and look inside the Column Properties section at the bottom of the interface for Identity Specification.
3. Expand Identity Specification, and change (Is Identity) to Yes. Identity Increment and Identity Seed should change to 1 automatically when you do this.
4. Press Ctrl + S to save.

Edit:

Use this Register.php (edit this file with your own database credentials: sql id (e.g. YENSH-S89HRGF or an IP), sql user id (e.g. Shaiya), sql user password (e.g. Shaiya123)).

Quote:
<?php
require_once('recaptchalib.config.php');
require_once('recaptchalib.php');
require_once('db.config.php');

$user_ip   = $_SERVER['REMOTE_ADDR'];
// Only trim here. The user name must be alphanumeric before it is used in a
// query, and the password is escaped where the INSERT is built.
$username  = isset($_POST['username'])  ? trim($_POST['username'])  : '';
$password  = isset($_POST['password'])  ? trim($_POST['password'])  : '';
$password2 = isset($_POST['password2']) ? trim($_POST['password2']) : '';
// Replace the three placeholders with your SQL Server name (or IP), login and password.
$conn = mssql_connect('sql id','sql user id','sql user password') or die("MSSQL Connection Error!");
$db   = mssql_select_db('PS_UserData',$conn) or die("MSSQL Connection Error!");
$errors  = array();
$success = false;
if(!empty($_POST)){
    require_once('db.php');

    // Validate user name format first; only a clean name is used in the lookup.
    if($username === ''){
        $errors[] = 'Please provide a user name.';
    }else if(strlen($username) < 3 || strlen($username) > 16){
        $errors[] = 'User name must be between 3 and 16 characters in length.';
    }else if(ctype_alnum($username) === false){
        $errors[] = 'User name must consist of numbers and letters only.';
    }else{
        $result = mssql_query("SELECT UserID FROM PS_UserData.dbo.Users_Master WHERE UserID = '{$username}'",$conn)
            or die('Failed to verify whether the provided user name already exists.');
        if(mssql_num_rows($result)){
            $errors[] = 'User name already exists, please choose a different user name.';
        }
    }
    // Validate user password.
    if($password === ''){
        $errors[] = 'Please provide a password.';
    }else if(strlen($password) < 3 || strlen($password) > 16){
        $errors[] = 'Password must be between 3 and 16 characters in length.';
    }else if($password !== $password2){
        $errors[] = 'Passwords do not match.';
    }
    // Validate reCAPTCHA. This is to prevent someone botting account creation.
    $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
    $answer    = isset($_POST['recaptcha_response_field'])  ? $_POST['recaptcha_response_field']  : '';
    $response  = recaptcha_check_answer($recaptcha_private_key,$user_ip,$challenge,$answer);
    if(!$response->is_valid){
        if($response->error == 'incorrect-captcha-sol'){
            $errors['recaptcha'] = 'Incorrect answer to reCAPTCHA';
        }else{
            $errors['recaptcha'] = $response->error;
        }
    }
    // Persist the new account to the database if no previous errors occurred.
    if(count($errors) == 0){
        // UserUID is assigned by hand (MAX+1) because it is not an IDENTITY column
        // on this database. Two registrations at the same moment can pick the same
        // number; making the column an IDENTITY (see the steps above) removes both
        // this query and the race.
        $resultado = mssql_query("SELECT MAX(UserUID) AS max FROM PS_UserData.dbo.Users_Master",$conn);
        $captura   = mssql_fetch_array($resultado);
        $UserUID   = (int)$captura['max'] + 1; // MAX() is NULL on an empty table, giving 1
        $pw  = str_replace("'", "''", $password); // T-SQL literal escaping: double the quote
        $sql = "INSERT INTO PS_UserData.dbo.Users_Master
            (UserUID,UserID,Pw,JoinDate,Admin,AdminLevel,UseQueue,Status,Leave,LeaveDate,UserType,Point,EnPassword,UserIp)
            VALUES ({$UserUID},'{$username}','{$pw}',GETDATE(),0,0,0,0,0,GETDATE(),'N',0,'','{$user_ip}')";
        // Remove the @ symbol here to see what the SQL error message is when running the above query in $sql.
        if($result = @mssql_query($sql,$conn)){
            $success = "Account {$username} successfully created!";
        }else{
            // This means the insert statement is probably not valid for your database. Fix the query or fix your database, your choice ;)
            $errors[] = 'Failed to create a new account, please try again later';
        }
    }
}
// Determine which view to show.
if($success === false){
    require_once('register.view.php');
}else{
    require_once('success.view.php');
}
?>
:rolleyes:
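The post above gives two answers to the NULL RowID/UserUID problem: make the column an IDENTITY in the table designer, or have the script compute MAX(UserUID)+1. The following is an added example (not the thread's script and not part of the release) that checks which situation the database is in before inserting, and reads the row back so a misconfigured schema shows up as a clear message instead of a silent NULL. It assumes, as the original script does, that db.php provides `$conn` as an odbc_connect() handle to the SQL Server hosting PS_UserData, and that Users_Master has the columns listed in the thread. COLUMNPROPERTY(..., 'IsIdentity') is a SQL Server built-in; the helper names and the test values are the example's own.

```php
<?php
// Added example, not the thread's script. Assumes db.php sets $conn, an
// odbc_connect() handle to the SQL Server that hosts PS_UserData.
require_once('db.php');

// True if $column is an IDENTITY column of PS_UserData.dbo.Users_Master.
// COLUMNPROPERTY returns 1/0, or NULL if the column does not exist.
function users_master_column_is_identity($conn, $column) {
    // $column comes from a fixed list in this script, never from user input.
    $sql = "SELECT COLUMNPROPERTY(OBJECT_ID('PS_UserData.dbo.Users_Master'), '"
         . str_replace("'", "''", $column) . "', 'IsIdentity') AS IsIdentity";
    $res = odbc_exec($conn, $sql);
    if ($res === false || !odbc_fetch_row($res)) {
        return false;
    }
    return (int) odbc_result($res, 'IsIdentity') === 1;
}

// Quote a value as a T-SQL single-quoted literal. Only the quote character is
// special inside such a literal; T-SQL has no backslash escaping.
function tsql_quote($value) {
    return "'" . str_replace("'", "''", $value) . "'";
}

// Insert the account without naming RowID/UserUID, then read back what SQL
// Server assigned. Returns array('UserUID' => ..., 'RowID' => ...) or false.
function create_account($conn, $username, $password, $user_ip) {
    // Same rules as the registration script: 3-16 alphanumeric characters.
    if (!ctype_alnum($username) || strlen($username) < 3 || strlen($username) > 16) {
        return false;
    }
    $sql = "INSERT INTO PS_UserData.dbo.Users_Master
            (UserID,Pw,JoinDate,Admin,AdminLevel,UseQueue,Status,Leave,LeaveDate,UserType,Point,EnPassword,UserIp)
            VALUES (" . tsql_quote($username) . "," . tsql_quote($password)
         . ",GETDATE(),0,0,0,0,0,GETDATE(),'N',0,''," . tsql_quote($user_ip) . ")";
    if (odbc_exec($conn, $sql) === false) {
        echo "INSERT failed: " . odbc_errormsg($conn) . "\n";
        return false;
    }
    $res = odbc_exec($conn, "SELECT UserUID, RowID FROM PS_UserData.dbo.Users_Master WHERE UserID = "
                            . tsql_quote($username));
    if ($res === false || !odbc_fetch_row($res)) {
        return false;
    }
    return array('UserUID' => odbc_result($res, 'UserUID'),
                 'RowID'   => odbc_result($res, 'RowID'));
}

// Check the schema before touching data. A non-IDENTITY column is what leaves
// RowID/UserUID NULL; MAX(UserUID)+1 papers over it but two registrations
// arriving at the same moment can compute the same UserUID.
foreach (array('RowID', 'UserUID') as $col) {
    if (!users_master_column_is_identity($conn, $col)) {
        echo "$col is not an IDENTITY column; set (Is Identity) = Yes on it in the table designer.\n";
        exit(1);
    }
}

// Constructed test values; pick a user name that does not exist yet.
$created = create_account($conn, 'testuser1', 'testpass', '127.0.0.1');
if ($created === false || $created['UserUID'] === null || $created['RowID'] === null) {
    echo "account was not created correctly\n";
    exit(1);
}
echo "UserUID={$created['UserUID']} RowID={$created['RowID']}\n";
```

The read-back query is the same check a practitioner does by hand in Management Studio after a test registration; having the script do it means a broken identity setting fails loudly at the first account instead of at the first game login.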
01/07/2012 00:08 firexware#179
This is vulnerable to XSS where the form is filled with the user's data when the query fails. Use htmlentities or htmlspecialchars on all user data before outputting it.

PoC:

Put:

"><script>alert('xss nuuuuu');</script><div id="

into the username then click 'create account'
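The reflected XSS described above lives in the view, not in the validation: the script rejects the payload (it is not alphanumeric), but register.view.php refills the form with the raw POST value on any validation error. The following added example (not code from the thread or the release) renders the username field the vulnerable way and the escaped way with the PoC payload from the post, so the difference is visible on the command line. The helper names are the example's own; htmlspecialchars with ENT_QUOTES is the fix the post recommends.

```php
<?php
// Added example, not part of the original script. Run with php from the CLI.

// Constructed input: the PoC payload quoted in the post above.
const XSS_PAYLOAD = '"><script>alert(\'xss nuuuuu\');</script><div id="';

// Vulnerable rendering: the value goes back into the attribute unescaped,
// as a view that refills the form after a failed submission would do.
function render_username_field_vulnerable($username) {
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened rendering: ENT_QUOTES turns the closing double quote (and a single
// quote) into entities along with < and >, so the browser keeps the whole value
// inside the attribute. The charset must match the page's declared encoding.
function render_username_field_safe($username) {
    return '<input type="text" name="username" value="'
         . htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1') . '">';
}

// The registration rules (3-16 alphanumeric characters) reject the payload,
// which is exactly why the form is re-displayed with it still inside.
function username_is_valid($username) {
    $len = strlen($username);
    return $len >= 3 && $len <= 16 && ctype_alnum($username);
}

// Crude check for the PoC's effect: does the markup now contain a script element?
function contains_script_tag($html) {
    return stripos($html, '<script') !== false;
}

$vuln = render_username_field_vulnerable(XSS_PAYLOAD);
$safe = render_username_field_safe(XSS_PAYLOAD);

echo "passes validation: " . (username_is_valid(XSS_PAYLOAD) ? 'yes' : 'no') . "\n";
echo "vulnerable: $vuln\n";
echo "safe:       $safe\n";
echo "script element in vulnerable output: " . (contains_script_tag($vuln) ? 'yes' : 'no') . "\n";
echo "script element in safe output:       " . (contains_script_tag($safe) ? 'yes' : 'no') . "\n";
```

Apply the same escaping to every value the view echoes, including the reCAPTCHA error string, since `$response->error` is also attacker-influenced input.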
01/10/2012 16:53 Domina1990#180
This can be done much more simply, in not even 10 lines. Regards