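db_config.php (Hinweis: register.php bindet diese Datei unter dem Namen db.config.php ein – den Dateinamen entsprechend anpassen)
NAME & PASSWORD bitte durch die eigenen SQL-Server-Zugangsdaten ersetzen.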
<?php
// Stop immediately when the php_mssql extension is not loaded: every database
// call in this project goes through the mssql_* functions it provides.
if (function_exists('mssql_connect') === false) {
    exit('You must have the php_mssql library for Apache installed and enabled to connect to an MSSQL database. Uncomment the line that says extension=php_mssql.dll in your php.ini (XAMPP/WAMP only). This requires a restart of the Apache service to take effect.');
}

// Connection settings for the SQL Server instance.
// 'NAME' and 'PASSWORD' are placeholders and must be replaced per installation.
// The real values live in this file in clear text, so keep it out of version
// control and out of any directory the web server might serve as plain text,
// and use a login that only has the rights the registration page needs.
$db_host = '127.0.0.1';
$db_user = 'NAME';
$db_pass = 'PASSWORD';
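/**
 * Escape a value so it can be placed inside a single-quoted T-SQL string literal.
 *
 * Removes URL-encoded and raw ASCII control characters (tab, LF and CR are left
 * alone) and doubles every single quote. Numeric input is returned unchanged.
 * Adapted from CodeIgniter (original note by Abrasive).
 *
 * Scope of the protection: the result is only safe between single quotes in the
 * query text ('{$value}'). It does nothing for identifiers or for values that are
 * concatenated without quotes, and it is not HTML escaping. Parameterised queries
 * (PDO / sqlsrv) are the sturdier choice; the mssql_* API has none for ad-hoc
 * statements, which is why escaping is used here.
 *
 * NOTE(review): the URL-encoded patterns are case-sensitive and applied in a single
 * pass, so e.g. "%0B" is not removed. This does not affect the quote doubling.
 *
 * @param string $data Untrusted value.
 * @return string Escaped value; '' for null, false, '' and an empty array.
 *                Numeric input comes back exactly as it was passed in.
 */
function mssql_escape_string($data) {
    // Treat only genuinely absent values as empty. empty() would also swallow
    // the legitimate values '0' and 0, silently turning them into ''.
    if ($data === null || $data === false || $data === '' || $data === array()) {
        return '';
    }

    // A numeric string cannot contain a quote, so it needs no escaping.
    if (is_numeric($data)) {
        return $data;
    }

    $non_displayables = array(
        '/%0[0-8bcef]/',  // url encoded 00-08, 11, 12, 14, 15
        '/%1[0-9a-f]/',   // url encoded 16-31
        '/[\x00-\x08]/',  // 00-08
        '/\x0b/',         // 11
        '/\x0c/',         // 12
        '/[\x0e-\x1f]/'   // 14-31
    );
    foreach ($non_displayables as $regex) {
        $data = preg_replace($regex, '', $data);
    }

    // T-SQL escapes a single quote inside a string literal by doubling it.
    $data = str_replace("'", "''", $data);

    return $data;
}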
?>
register.php /(German)
<?php
require_once('recaptchalib.config.php');
require_once('recaptchalib.php');
require_once('db.config.php');
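// Registration handler: validates the posted form, checks the CAPTCHA, inserts the
// account row and then picks the view to render.
//
// Every value that reaches SQL text below goes through mssql_escape_string() and is
// placed between single quotes. Validation runs on the raw (trimmed) input so that
// length and equality checks see what the user actually typed, not the escaped form.
$user_ip = $_SERVER['REMOTE_ADDR'];

// Only accept plain strings; a crafted request can send arrays (username[]=x).
$username_raw  = (isset($_POST['username'])  && is_string($_POST['username']))  ? trim($_POST['username'])  : '';
$password_raw  = (isset($_POST['password'])  && is_string($_POST['password']))  ? trim($_POST['password'])  : '';
$password2_raw = (isset($_POST['password2']) && is_string($_POST['password2'])) ? trim($_POST['password2']) : '';

// SQL-escaped copies. These keep the original variable names because the included
// views run in this scope and may read them.
// NOTE(review): they are escaped for SQL only; a view that echoes them still needs
// htmlspecialchars() - confirm in register.view.php / success.view.php.
$username  = mssql_escape_string($username_raw);
$password  = mssql_escape_string($password_raw);
$password2 = mssql_escape_string($password2_raw);

$errors = array();
$success = false;

if (!empty($_POST)) {
    require_once('db.php');

    // Validate user name. The database is only queried once the name has passed the
    // format checks, so the lookup never sees anything but 3-16 alphanumeric characters.
    if (empty($username_raw)) {
        $errors[] = 'Bitte gib einen Namen ein.';
    } elseif (strlen($username_raw) < 3 || strlen($username_raw) > 16) {
        $errors[] = 'Dein name muss 3 bis 16 Zeichen lang sein.';
    } elseif (ctype_alnum($username_raw) === false) {
        $errors[] = 'Dein Name darf nur aus Buchstaben und Zahlen bestehen.';
    } else {
        $result = @mssql_query("SELECT UserID FROM PS_UserData.dbo.Users_Master WHERE UserID = '{$username}'") or die('Failed to verify is the provided user named already exists.');
        if (mssql_num_rows($result)) {
            $errors[] = 'Dieser Name exstistiert bereits,nimm bitte einen anderen.';
        }
        // NOTE(review): check-then-insert is not atomic; two simultaneous requests can
        // both pass this check. Presumably a UNIQUE constraint on UserID backs it - confirm.
    }

    // Validate user password.
    if (empty($password_raw)) {
        $errors[] = 'Gib bitte ein Passwort ein.';
    } elseif (strlen($password_raw) < 3 || strlen($password_raw) > 16) {
        $errors[] = 'Dein Passwort muss mindestens 3 zeichen lang sein und maximal 16 zeihen bestitzen.';
    } elseif ($password_raw !== $password2_raw) {
        // Strict comparison: with != PHP compares numeric strings by value,
        // so '1e3' and '1000' would count as the same password.
        $errors[] = 'Passwort stimmt nicht überein.';
    }

    // Validate reCAPTCHA. This is to prevent someone botting account creation.
    // The two form fields are optional in a hand-built request, so default them to ''.
    // NOTE(review): recaptcha_challenge_field / recaptcha_response_field belong to the
    // reCAPTCHA v1 API, which Google has shut down; a current CAPTCHA integration is
    // needed for this check to give any protection.
    $captcha_challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
    $captcha_answer    = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';
    $response = recaptcha_check_answer($recaptcha_private_key, $user_ip, $captcha_challenge, $captcha_answer);
    if (!$response->is_valid) {
        if ($response->error == 'incorrect-captcha-sol') {
            $errors['recaptcha'] = 'reCAPTCHA falsch eingegeben';
        } else {
            $errors['recaptcha'] = $response->error;
        }
    }

    // Persist the new account to the database if no previous errors occurred.
    if (count($errors) == 0) {
        // REMOTE_ADDR comes from the server, but it is still escaped like every other
        // value that is concatenated into SQL text.
        $user_ip_sql = mssql_escape_string($user_ip);

        // NOTE(review): Pw receives the password exactly as typed; nothing in this script
        // hashes it. Whether the consumer of Users_Master can work with a hash is not
        // visible here - until then treat this table and its backups as highly sensitive.
        $sql = "INSERT INTO PS_UserData.dbo.Users_Master
(UserID,Pw,JoinDate,Admin,AdminLevel,UseQueue,Status,Leave,LeaveDate,UserType,Point,EnPassword,UserIp)
VALUES ('{$username}','{$password}',GETDATE(),0,0,0,0,0,GETDATE(),'N',0,'','{$user_ip_sql}')";

        // Remove the @ symbol here to see what the SQL error message is when running the above query in $sql.
        if ($result = @mssql_query($sql)) {
            $success = "Account {$username} erfolgreich erstellt!";

            // Look up the generated UserUID. $fet and $res are not used again in this
            // file; they are kept because the success view may read them.
            $sql = "SELECT [UserUID] FROM [PS_UserData].[dbo].[Users_Master] WHERE [UserID] = '$username'";
            $res = mssql_query($sql);
            $fet = $res ? mssql_fetch_array($res) : false;
            // NOTE(review): the original repeats the query, leaving $res as a fresh,
            // unread result. Kept as-is; drop it if no view depends on it.
            $res = mssql_query($sql);
        } else {
            // This means the insert statement is probably not valid for your database. Fix the query or fix your database, your choice ;)
            $errors[] = 'Fehler beim erstellen des Accounts,versuche es später nochmal.';
        }
    }
}

// Determine which view to show.
if ($success === false) {
    require_once('register.view.php');
} else {
    require_once('success.view.php');
}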
?>