Hai all, i'm trying to get a working regpage in my portal, i use this code:
I edited the original one to change the old mssql commands with sqlsrv commands.
The original php code was made from janvier.
Original php code:
Janvier script use mssql codes which cant be used with PHP 5.2.x +, since php_mssql.dll extension is no longer supported/used.
When i try to make an account, i put all infos needed and when i press "Create Account" nothing happen. :\ any help?
I've been able to get create account button to work, but the script put wrong info into tbl_user (like $accname, $accpass1 etc, not their values) and nothing into user_profile :|
PHP Code:
<?php
$mssql = array(
'host' => "DEDI IP",
'user' => "DEDI mssql acc",
'pass' => "DEDI mssql passw"
);
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
echo "<center>";
if($_POST['activ'] == '1') {
$accname = anti_injection($_POST['accname']);
$accmail = anti_injection($_POST['accmail']);
$accpass1 = anti_injection($_POST['accpass1']);
$accpass2 = anti_injection($_POST['accpass2']);
$serverName = "xxxxxxxxx";
$connectionInfo = array("UID" => "xxxxxxx", "PWD" => "xxxxxxxx", "Database"=>"Account");
$con=sqlsrv_connect($serverName,$connectionInfo);
$dk_time=strftime("%y%m%d%H%M%S");
list($usec1, $sec1) = explode(" ",microtime());
$dk_user_no=$dk_time.substr($usec1,2,2);
if(empty($accname) || empty($accpass1) || empty($accpass2)|| empty($accname) || empty($accmail)) {
echo "<br>You didnt fill in all fields<a href='javascript:history.back()'>Go Back</a>";
} elseif($row1 > '0' || $row2 > '0') {
echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
} elseif($row3 > '0') {
echo "<br>This E-Mail is already in use.<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 != $accpass2) {
echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 == $accname) {
echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accname)) {
echo "<br>Enter a account name only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accpass1)) {
echo "<br>Enter a password only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accname) < 3 || strlen($accname) > 15) {
echo "<br>The Accountname must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accpass1) < 3 || strlen($accpass1) > 15) {
echo "<br>The Password must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} else {
$accpass = md5($accpass1);
$tsql_1 = "INSERT INTO account.dbo.USER_PROFILE
(user_no,
user_id,
user_pwd,
resident_no,
user_type,
login_flag,
login_tag,
ipt_time,
login_time,
logout_time,
user_ip_addr,
server_id)
VALUES
(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$params_1 = array(".$dk_user_no.",".$accname.",".$accpass.",'801011000000','1','0','Y',25/05/2013,null,null,null,'000');
$stmt_1 = sqlsrv_query( $con, $tsql_1, $params_1);
$tsql_2 = "INSERT INTO account.dbo.Tbl_user
(user_no,
user_id,
user_pwd,
user_mail,
user_answer,
user_question)
VALUES
(?, ?, ?, ?, ?, ?)";
$params_2 = array(".$dk_user_no.",".$accname.",".$accpass1.",".$accmail.","0","0");
$stmt_2 = sqlsrv_query( $con, $tsql_2, $params_2);
echo "<center><b><u>The account was successfully created. Have fun !</b></u></center><br><br>";
echo "<center>Here is your login info again:</center>";
echo "<center>Your account name is: <b>".$accname."</b></center>";
echo "<center>Your password is: <b>".$accpass1."</b></center>";
echo "DO NOT LOOSE THIS INFO!";
}
} else {
$serverName = "xxxxxxxxxxxxxx";
$connectionInfo = array("UID" => "xxxxxxxx", "PWD" => "xxxxxxxxxx", "Database"=>"Account");
$con = sqlsrv_connect( $serverName, $connectionInfo);
$sql_4 = "SELECT * FROM account.dbo.USER_PROFILE";
$params_4 = array();
$options_4 = array();
$result4 = sqlsrv_query( $con, $sql_4, $params_4, $options_4 );
$row4 = sqlsrv_num_rows($result4);
echo "<tr><td colspan='2' align='center'><b><u>Make an ingame account</u></b></td></tr>";
echo "<tr><td>Account Name</td><td><input type='text' name='accname' maxlength='12'></td></tr>";
echo "<tr><td>Password</td><td><input type='password' name='accpass1' maxlength='12'></td></tr>";
echo "<tr><td>Again pass.</td><td><input type='password' name='accpass2' maxlength='12'></td></tr>";
echo "<tr><td>Email</td><td><input type='text' name='accmail' maxlength='50'></td></tr>";
echo "<tr><td colspan='2' align='center'>
<input type='hidden' name='activ' value='1'>
<input type='submit' value='Create Account'></td></tr>";
}
?>
I edited the original one to change the old mssql commands with sqlsrv commands.
The original php code was made from janvier.
Original php code:
<?php
// fill in your mssql info here
$mssql = array(
'host' => "localhost",
'user' => "sa",
'pass' => "server"
);
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
echo "<center>";
if($_POST['activ'] == '1') {
$accname = anti_injection($_POST['accname']);
$accmail = anti_injection($_POST['accmail']);
$accpass1 = anti_injection($_POST['accpass1']);
$accpass2 = anti_injection($_POST['accpass2']);
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE WHERE user_id = '".$accname."'",$con);
$result2 = mssql_query("SELECT * FROM account.dbo.Tbl_user WHERE user_id = '".$accname."'",$con);
$result3 = mssql_query("SELECT * FROM account.dbo.Tbl_user WHERE user_mail = '".$accmail."'",$con);
$row1 = mssql_num_rows($result1);
$row2 = mssql_num_rows($result2);
$row3 = mssql_num_rows($result3);
$dk_time=strftime("%y%m%d%H%M%S");
list($usec1, $sec1) = explode(" ",microtime());
$dk_user_no=$dk_time.substr($usec1,2,2);
if(empty($accname) || empty($accpass1) || empty($accpass2)|| empty($accname) || empty($accmail)) {
echo "<br>You didnt fill in all fields<a href='javascript:history.back()'>Go Back</a>";
} elseif($row1 > '0' || $row2 > '0') {
echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
} elseif($row3 > '0') {
echo "<br>This E-Mail is already in use.<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 != $accpass2) {
echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 == $accname) {
echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accname)) {
echo "<br>Enter a account name only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accpass1)) {
echo "<br>Enter a password only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i",$accmail)) {
echo "<br>Your e-Mail is not correct.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accname) < 3 || strlen($accname) > 15) {
echo "<br>The Accountname must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accpass1) < 3 || strlen($accpass1) > 15) {
echo "<br>The Password must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} else {
$accpass = md5($accpass1);
mssql_query("INSERT INTO account.dbo.USER_PROFILE (user_no,user_id,user_pwd,resident_no,user_type,lo gin_flag,login_tag,ipt_time,login_time,logout_time ,user_ip_addr,server_id) VALUES ('$dk_user_no','".$accname."','".$accpass."','8010 11000000','1','0','Y','".$date."',null,null,null,' 000')",$con);
mssql_query("INSERT INTO account.dbo.Tbl_user (user_no,user_id,user_pwd,user_mail,user_answer,us er_question) VALUES ('$dk_user_no','".$accname."','".$accpass1."','".$ accmail."','0','0')",$con);
echo "<center><b><u>The account was successfully created. Have fun !</b></u></center><br><br>";
echo "<center>Here is your login info again:</center>";
echo "<center>Your account name is: <b>".$accname."</b></center>";
echo "<center>Your password is: <b>".$accpass1."</b></center>";
echo "DO NOT LOOSE THIS INFO, YOU MAY WRITE IS DOWN AND HIDE IT";
}
} else {
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE",$con);
$row1 = mssql_num_rows($result1);
echo "<center><b><u>This time we have ".$row1." Registed Accounts on our Server<br>Join us.</b></u></center><br>";
echo "<form action='".$_SEVER['PHP_SELF']."' method='POST'>";
echo "<center><table>";
echo "<tr><td colspan='2' align='center'><b><u>Your Account Info</u></b></td></tr>";
echo "<tr><td>Account Name</td><td><input type='text' name='accname' maxlength='12'></td></tr>";
echo "<tr><td>Password</td><td><input type='password' name='accpass1' maxlength='12'></td></tr>";
echo "<tr><td>Again pass.</td><td><input type='password' name='accpass2' maxlength='12'></td></tr>";
echo "<tr><td> </td><td> </td></tr>";
echo "<tr><td colspan='2' align='center'><b><u>Other account info</u></b></td></tr>";
echo "<tr><td>Email</td><td><input type='text' name='accmail' maxlength='50'></td></tr>";
echo "<tr><td> </td><td> </td></tr>";
echo "<tr><td colspan='2' align='center'>
<input type='hidden' name='activ' value='1'>
<input type='submit' value='Create Account'></td></tr>";
echo "</table></center>";
echo "</form>";
}
echo "</center>";
?>
// fill in your mssql info here
$mssql = array(
'host' => "localhost",
'user' => "sa",
'pass' => "server"
);
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
echo "<center>";
if($_POST['activ'] == '1') {
$accname = anti_injection($_POST['accname']);
$accmail = anti_injection($_POST['accmail']);
$accpass1 = anti_injection($_POST['accpass1']);
$accpass2 = anti_injection($_POST['accpass2']);
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE WHERE user_id = '".$accname."'",$con);
$result2 = mssql_query("SELECT * FROM account.dbo.Tbl_user WHERE user_id = '".$accname."'",$con);
$result3 = mssql_query("SELECT * FROM account.dbo.Tbl_user WHERE user_mail = '".$accmail."'",$con);
$row1 = mssql_num_rows($result1);
$row2 = mssql_num_rows($result2);
$row3 = mssql_num_rows($result3);
$dk_time=strftime("%y%m%d%H%M%S");
list($usec1, $sec1) = explode(" ",microtime());
$dk_user_no=$dk_time.substr($usec1,2,2);
if(empty($accname) || empty($accpass1) || empty($accpass2)|| empty($accname) || empty($accmail)) {
echo "<br>You didnt fill in all fields<a href='javascript:history.back()'>Go Back</a>";
} elseif($row1 > '0' || $row2 > '0') {
echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
} elseif($row3 > '0') {
echo "<br>This E-Mail is already in use.<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 != $accpass2) {
echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 == $accname) {
echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accname)) {
echo "<br>Enter a account name only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accpass1)) {
echo "<br>Enter a password only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i",$accmail)) {
echo "<br>Your e-Mail is not correct.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accname) < 3 || strlen($accname) > 15) {
echo "<br>The Accountname must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accpass1) < 3 || strlen($accpass1) > 15) {
echo "<br>The Password must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} else {
$accpass = md5($accpass1);
mssql_query("INSERT INTO account.dbo.USER_PROFILE (user_no,user_id,user_pwd,resident_no,user_type,lo gin_flag,login_tag,ipt_time,login_time,logout_time ,user_ip_addr,server_id) VALUES ('$dk_user_no','".$accname."','".$accpass."','8010 11000000','1','0','Y','".$date."',null,null,null,' 000')",$con);
mssql_query("INSERT INTO account.dbo.Tbl_user (user_no,user_id,user_pwd,user_mail,user_answer,us er_question) VALUES ('$dk_user_no','".$accname."','".$accpass1."','".$ accmail."','0','0')",$con);
echo "<center><b><u>The account was successfully created. Have fun !</b></u></center><br><br>";
echo "<center>Here is your login info again:</center>";
echo "<center>Your account name is: <b>".$accname."</b></center>";
echo "<center>Your password is: <b>".$accpass1."</b></center>";
echo "DO NOT LOOSE THIS INFO, YOU MAY WRITE IS DOWN AND HIDE IT";
}
} else {
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE",$con);
$row1 = mssql_num_rows($result1);
echo "<center><b><u>This time we have ".$row1." Registed Accounts on our Server<br>Join us.</b></u></center><br>";
echo "<form action='".$_SEVER['PHP_SELF']."' method='POST'>";
echo "<center><table>";
echo "<tr><td colspan='2' align='center'><b><u>Your Account Info</u></b></td></tr>";
echo "<tr><td>Account Name</td><td><input type='text' name='accname' maxlength='12'></td></tr>";
echo "<tr><td>Password</td><td><input type='password' name='accpass1' maxlength='12'></td></tr>";
echo "<tr><td>Again pass.</td><td><input type='password' name='accpass2' maxlength='12'></td></tr>";
echo "<tr><td> </td><td> </td></tr>";
echo "<tr><td colspan='2' align='center'><b><u>Other account info</u></b></td></tr>";
echo "<tr><td>Email</td><td><input type='text' name='accmail' maxlength='50'></td></tr>";
echo "<tr><td> </td><td> </td></tr>";
echo "<tr><td colspan='2' align='center'>
<input type='hidden' name='activ' value='1'>
<input type='submit' value='Create Account'></td></tr>";
echo "</table></center>";
echo "</form>";
}
echo "</center>";
?>
Janvier script use mssql codes which cant be used with PHP 5.2.x +, since php_mssql.dll extension is no longer supported/used.
When i try to make an account, i put all infos needed and when i press "Create Account" nothing happen. :\ any help?
I've been able to get create account button to work, but the script put wrong info into tbl_user (like $accname, $accpass1 etc, not their values) and nothing into user_profile :|