[RELEASE] Advanced Registration Script (ASP.NET)

01/14/2013 15:03 ismokedrow#1
This script was actually never going to be released and would probably have died on my HDD, as I am primarily a PHP coder, not an ASP.NET coder. But due to some pushing from friends and Tatsuya stickying the wrong Regi thread, I have decided w/ permission of Xijezu to release this.

Some Info:
Code:
- This script uses ASP.NET (required)
- This script uses .NET 4.0 Integrated (required)
- This script uses IIS(Internet Information Services) 7.5+ (required)
A couple warnings:
Code:
- I will NOT be held responsible for your failure to implement or use this script correctly.

- I will NOT be held responsible for your failure to adapt and properly secure your server at ANY point in time.

- I will NOT provide support for this release (It's pretty self-explanatory)
Features:
Code:
- Non-Standard Age, Email inputs (Was going to add ip but never did)

- Automatic Errors (No more clicking "Create" to get "Passwords Do Not Match" or "Symbols Detected in Password". These errors are displayed under "Log" and until corrected the create button is unclickable.)

- All Fields Escaped

- All Fields are Symbol Sensitive (They will know if you're entering in symbols)
Credits:
Code:
<!-- 
Original Script By: Xijezu
Age, Email Inputs, Field Escaping, Error Checking By: iSmokeDrow
-->

How-To-Use:
Code:
Create a new folder in your website, e.g. /register/ or /regi/, and place all files inside of this folder. Using your favorite text editor, load the web.config file and change the info between REGISTERSCRIPT - CONFIG and REGISTERSCRIPT - CONFIG - END:

  <!--- - - - - - - - - - - - - - - - - - - - -  REGISTERSCRIPT - CONFIG - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <add key="sDbIP" value="localhost" />           <!-- Your Server-IP or SQL instance: e.g. (local)\RAPPELZ, 127.0.0.1, localhost [...] -->
  <add key="sDbDatabase" value="Auth" />          <!-- Your Auth-Database (usually Auth) -->
  <add key="sDbUser" value="sa" />                <!-- Your SQL-Username (usually sa) -->
  <add key="sDbPassword" value="password" />      <!-- Your SQL-Password -->
  <add key="bUseWindowsLogin" value="1" />        <!-- If you want to create a connection without using Username & Password (ONLY WORKS LOCAL!), set this to 1, else set it to 0-->
  <add key="sMD5Key" value="2011" />              <!-- Your MD5-Key. Default is 2011 -->
  <!-- - - - - - - - - - - - - - - - - - - - -  REGISTERSCRIPT - CONFIG - END - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -->

Now save the web.config file with the updated information and you should have a working Advanced Registration Script.

If you are incapable of making such a simple thing work, or unable to google how to make such a simple thing work, don't even think you can ask me how to make it work. If you enjoyed or found this post useful, be a sport and click thanks.
01/15/2013 11:08 Mslolita#2
nice !

btw, is there a way to insert an IP ban function? Like you said in the previous topic, the IP address will be inserted into the ip_field, and a limit on account creation so any person is allowed to make max 3 accounts. This is because people will create unlimited accounts, so you can't stop them if you ban their current account.

It would be very useful to any private server out there not having this secured option.
01/16/2013 23:04 Turtlefight#3
Actually everybody can simply use a proxy to change/hide his IP, which makes an IP ban useless. Also, many people have dynamic IP addresses, meaning their IP address changes daily. So your ban would only work for 1 day and the poor guy getting this IP is banned from registering...

I would recommend using cookies to ban them (okay, I know, everyone knows how to delete cookies too, but it's better than IP banning :P)


@ismokedrow
Nice Script,
(sorry, I don't know ASP that well, maybe I'm wrong)
Isn't there a little Security Issue?
Code:
SqlDataReader dr = new SqlCommand(string.Format("SELECT login_name FROM Accounts WHERE login_name = '{0}'", tbUser.Text), sqlConn).ExecuteReader();
In this Command you simply insert the Username while some Lines later
Code:
 if (CheckInput(tbUser.Text) && CheckInput(tbPass.Text) && CheckInput(tbPassConf.Text) && CheckInput(tbAge.Text))
                    {
                        if (CheckLength(tbUser.Text) && CheckLength(tbPass.Text))
                        {
you start to verify it.

Means when i insert a nice Username like this ') GO DROP DATABASE Telecaster GO --
your Telecaster DB says Goodbye forever :P
Yeah normally your Client-Side should prevent this, but it shouldn't be too hard bypassing this.

Your Turtle
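
The issue raised in the post above, shown as an added example that is not part of the original thread or of the released script: the concatenated lookup next to a parameterized one, with server-side validation done before any query is built. The class name, the `NamePolicy` rule, the `@login` parameter and the column size are assumptions made for illustration; `Accounts` and `login_name` come from the quoted query.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class RegistrationLookup
{
    // Assumed policy for this example: 4-16 letters, digits or underscores.
    static readonly Regex NamePolicy = new Regex(@"\A[A-Za-z0-9_]{4,16}\z");

    // Pattern quoted in the thread: the input becomes part of the SQL text.
    public static string ConcatenatedSql(string user)
    {
        return string.Format(
            "SELECT login_name FROM Accounts WHERE login_name = '{0}'", user);
    }

    // Validate on the server first, then bind the value as a typed parameter.
    public static SqlCommand BuildLookup(string user, SqlConnection conn)
    {
        if (user == null || !NamePolicy.IsMatch(user))
            throw new ArgumentException("login name rejected by server-side policy");

        var cmd = new SqlCommand(
            "SELECT login_name FROM Accounts WHERE login_name = @login", conn);
        // Size 60 is a placeholder; use the real login_name column length.
        cmd.Parameters.Add("@login", SqlDbType.VarChar, 60).Value = user;
        return cmd;
    }

    static void Main()
    {
        string sample = "O'Brien"; // constructed input containing a quote

        // Concatenation: the quote ends the string literal early.
        Console.WriteLine(ConcatenatedSql(sample));

        // Parameterized: the SQL text is constant; the value travels separately.
        // No connection is needed just to build and inspect the command.
        using (SqlCommand cmd = BuildLookup("player_01", null))
            Console.WriteLine("{0}  [@login = {1}]",
                cmd.CommandText, cmd.Parameters["@login"].Value);

        // Input outside the policy never reaches the database layer.
        try { BuildLookup(sample, null); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The same binding applies to every other statement that takes form input, including the one that creates the account.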
01/17/2013 00:36 marekrndr#4
Quote:
- All Fields are Symbol Sensitive (They will know if you're entering in symbols)
...
01/17/2013 01:48 ismokedrow#5
He is technically right, but let me point something out to your turtle:

Quote:
Originally Posted by ismokedrow
- I will NOT be held responsible for your failure to adapt and properly secure your server at ANY point in time.
This script isn't meant for noobs; if you don't know how to fix it then leave it alone. I do not personally use this script and only released it for a friend.



Unless you're offering a way of fixing the vulnerability and/or releasing a fixed version, please refrain from posting in this thread. Thank you.
01/17/2013 11:21 c1ph3r#6
Quote:
Originally Posted by Turtlefight
Actually everybody can simply use a proxy to change/hide his IP, which makes an IP ban useless. Also, many people have dynamic IP addresses, meaning their IP address changes daily. So your ban would only work for 1 day and the poor guy getting this IP is banned from registering...

I would recommend using cookies to ban them (okay, I know, everyone knows how to delete cookies too, but it's better than IP banning :P)


@ismokedrow
Nice Script,
(sorry, I don't know ASP that well, maybe I'm wrong)
Isn't there a little Security Issue?
Code:
SqlDataReader dr = new SqlCommand(string.Format("SELECT login_name FROM Accounts WHERE login_name = '{0}'", tbUser.Text), sqlConn).ExecuteReader();
In this Command you simply insert the Username while some Lines later
Code:
 if (CheckInput(tbUser.Text) && CheckInput(tbPass.Text) && CheckInput(tbPassConf.Text) && CheckInput(tbAge.Text))
                    {
                        if (CheckLength(tbUser.Text) && CheckLength(tbPass.Text))
                        {
you start to verify it.

Means when i insert a nice Username like this ') GO DROP DATABASE Telecaster GO --
your Telecaster DB says Goodbye forever :P
Yeah normally your Client-Side should prevent this, but it shouldn't be too hard bypassing this.

Your Turtle
This won't happen if the user which is executing the query doesn't have the rights to do something like this^^ This user is only supposed to insert data into the account table. Normally this user shouldn't be able to do something else...

Everyone providing a user with full rights or something like this in the web.config is an idiot and should close his server directly^^
01/21/2013 15:33 slman890#7
i did as u written but when i open the page

i see the files of regi file

im using xampp 1.8
.....
01/21/2013 15:44 ismokedrow#8
Quote:
Originally Posted by slman890
i did as u written but when i open the page

i see the files of regi file

im using xampp 1.8
.....
I think you need to read the first post again.
01/21/2013 18:29 slman890#9
Quote:
Originally Posted by ismokedrow
I think you need to read the first post again.

thnx

i did every thing u posted

u may mean these post:

<!--- - - - - - - - - - - - - - - - - - - - - REGISTERSCRIPT - CONFIG - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<add key="sDbIP" value="localhost" /> <!-- Your Server-IP or SQL-Instanz: e.g. (local)\RAPPELZ, 127.0.0.1, localhost [...] -->
<add key="sDbDatabase" value="Auth" /> <!-- Your Auth-Database (usually Auth) -->
<add key="sDbUser" value="sa" /> <!-- Your SQL-Username (usually sa) -->
<add key="sDbPassword" value="password" /> <!-- Your SQL-Password -->
<add key="bUseWindowsLogin" value="1" /> <!-- If you want to create a connection without using Username & Password (ONLY WORKS LOCAL!), set this to 1, else set it to 0-->
<add key="sMD5Key" value="2011" /> <!-- Your MD5-Key. Default is 2011 -->
<!-- - - - - - - - - - - - - - - - - - - - - REGISTERSCRIPT - CONFIG - END - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->


these post:

<add key="sDbIP" value="localhost" />

do i need only ip for db?

or ip and pc name?

frankly i did all of them but no benefit
01/21/2013 18:44 ismokedrow#10
I mean reading that this script will only work on IIS
01/21/2013 18:56 eziorav#11
Thanks drow for this script, it is really helpful and it worked with IIS 8 Express
01/21/2013 20:46 slman890#12
Quote:
Originally Posted by ismokedrow
I mean reading that this script will only work on IIS
i've pv server at France and the os is w7

then i put files on C:\xampp\htdocs\regi

and change it to my pv server info<<< as u said

then :


im using Apache if that problem so how can i change it to iis

:confused:
01/21/2013 21:09 eziorav#13
Quote:
Originally Posted by slman890
i've pv server at France and the os is w7

then i put files on C:\xampp\htdocs\regi

and change it to my pv server info<<< as u said

then :


im using Apache if that problem so how can i change it to iis

:confused:
He told you to use iis not xampp
the way how to install u can find it in google
01/22/2013 00:06 slman890#14
Quote:
Originally Posted by eziorav
He told you to use iis not xampp
the way how to install u can find it in google
oh!

thnks man i got it :)
01/23/2013 00:44 slman890#15
frankly we want something to explain that

video or URL for it

thank u