Hello guys! Today i tried make login script with DKcoins balance of account...
So i failed i really don't know why script is now working out. So anyone interest to help me and fix that script? I'll give u a big bit thanks for that.
So le'ts me show script here:
Also there is some excess "script commands" but i don't wanna Modify them cuz i don't know.. so it will disrupt...
So guys ?
// YES THIS IS DOUBLE TOPIC BUT I NEVER SAW THAT SCRIPT IS RELASED
// IF U SAW ANYPOST WHERE IS IT EXPLAINED PLZ URL ME
// ALSO I DON'T UNNOTICED ALL YOUR FAIL COMMENTS.
So i failed i really don't know why script is now working out. So anyone interest to help me and fix that script? I'll give u a big bit thanks for that.
So le'ts me show script here:
The bold word is that one what is insert from my know science :oQuote:
<?php
// Edit your mssql info here
// BEGIN MSSQL INFO
$CONFIG['host'] = "IP HERE";
$CONFIG['user'] = "USER HERE";
$CONFIG['pass'] = "PASS HERE";
// END MSSQL INFO
//----------------------------- DO NOT EDIT ANYTHING BELOW HERE !!!!! ------------------------------------
$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
//----------------------------------------------------------------------------------------------------------
if(isset($_GET['action']) && ($_GET['action'] == "login")){
$user = anti_injection($_POST['user']);
$pass = anti_injection($_POST['pass']);
$coins = anti_injection($_POST['coins']);
$crypt_pass = md5($pass);
$result1 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'"); $count1 = mssql_num_rows($result1);
$result2 = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$row2 = mssql_fetch_row($result2);
$founder = mssql_query ("Select * FROM account.dbo.user_no WHERE user_id ='".$user."'");
$result10 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_no = '".$founder."'");
$userno = "Select * FROM cash.dbo.user_cash WHERE amount WHERE user_no =' '".$founder."'";
$pplist = mssql_query($userno);
if($count1 == '0') {
echo 'This game account is not' ;
echo '<br>';
echo 'founded in the our database!';
echo '<br>';
echo '<a href="index.php">Try again!</a>';
}
elseif($row2[0] != $crypt_pass) {
echo 'Wrong password!';
echo '<br>';
echo '<a href="index.php">Try again!</a>';
}
elseif($_GET['login'] != 'login' && $count1 == '0') {
echo '<br>Login Error, <a href="index.php">Try again</a>';
} else {
// Begin secure content
$_SESSION['user'] = $user;
$amount = $_POST['amount'];
if($name)
{
mssql_select_db('account', $conn);
$r = query("SELECT user_no FROM dbo.USER_PROFILE WHERE user_id='".$user."'");
if(!mssql_num_rows($r))
echo 'No Character found with name: '.$user.'</br></br>';
else
{
$user_no = mssql_fetch_array($r);
mssql_select_db('cash', $conn);
$r = query("SELECT dbo.user_cash SET amount = amount WHERE user_no = '".$user_no[0]."';");
$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);
$result1 = mssql_query("SELECT user_no FROM account.dbo.account WHERE user_id = ".$_SESSION['user']."",conn);
$result2 = mssql_query("SELECT user_cash FROM character.dbo.cash WHERE amount = '".fdsfd."'",conn);
$coins55 = ($_POST['fdsfd']);
if($r)
echo "SOMETHING WRONG";
}
}
echo "<h3>Welcome, ".$_SESSION['user']."</h3>";
echo 'DK-coins: ".$coins55."
<img src="img/coins.gif" alt="" width="14" height="16" /> <a href="index.php">(Buy more)</a> ';
echo '<br>- - - - - - - - - - - - - - - - - - </br>';
echo '<a href="reborn.php">REBORN SYSTEM</a> | <a href="votenow.php">VOTE</a>';
echo '<form id="form1" method="post" action="index.php">
<p> &n bsp; &nbs p; <input type="submit" name="Logout" id="Logout" value="Logout account" /></p>
</form>';
// Dont forget to and your session
// session_destroy();
// End secure content
}
} else {
echo '<h2> </h2>
<form name="" action="'.$_SERVER['php_self'].'?action=login" method="post">
Username: <input type="text" name="user" maxlength="16"><br/>
<br>
Password: <input type="password" name="pass" maxlength="16"><br/>
<br />
&n bsp; &nbs p; <input type="submit" value="Login account">
</form>';
echo '<a href="forgetpassword.php">Forget password?</a> | <a href="forum.php">Tehnical support</a>';
}
?>
Also there is some excess "script commands" but i don't wanna Modify them cuz i don't know.. so it will disrupt...
So guys ?
// YES THIS IS DOUBLE TOPIC BUT I NEVER SAW THAT SCRIPT IS RELASED
// IF U SAW ANYPOST WHERE IS IT EXPLAINED PLZ URL ME
// ALSO I DON'T UNNOTICED ALL YOUR FAIL COMMENTS.