MSSQL Connection

04/15/2017 17:25 KyoceraZ#1
Hey,

I want to create a connection from the webserver to the rootserver, which has an MSSQL server. If I put the register script on the rootserver it works, but if I put the register script on the webserver it doesn't work. The ODBC settings on the server are correct.

register.html:
PHP Code:
    <head>
        <link rel="stylesheet" type="text/css" href="reg.css">
        <title>Everlasting RaiderZ Register!</title>
    </head>
<html>
    <body style="height: 100%;width: 100%;margin: 0; background-image:url('http://i.imgur.com/Rj6OhNk.jpg'); background-repeat: no-repeat; background-attachment: fixed; background-position: 40% 10%; ">
    <div style="margin: auto;width: 13%;padding-top: 50px;" >
    <a href="https://www.facebook.com/EverlastingRaiderZ/" title="Volver"> <img src="logo.png" alt="Everlasting RaiderZ" height="150px" width="330px" style="margin-left: -100px;"> </a>
        <form action='register.php' method='POST'>

            <br>
            <br>
            <c>Account Registration</c>
            <br>
            <br>
            <b>Username </b>
            <br>
                <input title="4-12 Characters without spaces and without symbols" type='text' name='username'>
                <br>
                <br>
            <b>Password</b>
            <br>
                <input title="4-12 Characters without spaces and without symbols" type='password' name='password'>

                <br>
                <br>
            <b>Repeat Password</b>
            <br>
                <input title="4-12 Characters without spaces and without symbols" type='password' name='password_conf'>

                <br>
                <br>

            <b>E-mail Adress</b>
            <br>
                <input title="E-mail" type='text' name='email'>
                <br>
                <br>
            <b>Secret Question</b>
            <br>
                <input title="4-20 Characters without spaces and without symbols" type='text' name='secret'>
                <br>
                <br>
            <b>Answer</b>
            <br>
                <input title="4-12 Characters without spaces and without symbols" type='text' name='resp'>
                <br>
                <br>
                <input type='submit' value='Register by  now!'>
                <br>
                <br>
                <input type="reset" value="Reset!" />
        </form>
    </div>
    </body>
</html>
register.php:
PHP Code:
<?php
$server = "Server IP";
$host = "MSSQL\NAME";
$user = "USER";
$pass = "PW";
$dbname = "DB";

$connect = odbc_connect("Driver={SQL Server Native Client 10.0}; ServerName={$server}; Server={$host}; Database={$dbname}", $user, $pass) or die("Can't connect the MSSQL server.");

    function valida_email($email) { // Function to validate the e-mail format
            if (preg_match('/^[A-Za-z0-9-_.+%]+@[A-Za-z0-9-.]+\.[A-Za-z]{2,4}$/', $email)) return true;
            else return false;
            }

$userid = $_POST['username'];
$pass = $_POST['password'];
$login = md5($userid . ' ' . $pass);
$email = $_POST['email'];
$secret = $_POST['secret'];
$resp = $_POST['resp'];
$password_conf = $_POST['password_conf'];

$result = odbc_exec($connect, "SELECT name FROM dbo.Account WHERE name = '$userid'");
$existing_users = odbc_num_rows($result);
if ($existing_users >= 1) { // Checks that the account does not exist yet
    header("location:accal.html");
    die(); // stop here so the INSERT below does not run
}

$result2 = odbc_exec($connect, "SELECT email FROM dbo.Account WHERE email = '$email'");
$existing_email = odbc_num_rows($result2);
if ($existing_email >= 1) { // Checks that the e-mail is not already in use
    header("location:accal2.html");
    die(); // stop here so the INSERT below does not run
}


if (!$_POST['username'])
{
// Makes sure no field is empty
header("location:accal3.html");
die();

}

if (!$_POST['password'])
{
// Makes sure no field is empty
header("location:accal3.html");
die();
}

if (!$_POST['email'])
{
// Makes sure no field is empty
header("location:accal3.html");
die();
}

if (!$_POST['secret'])
{
// Makes sure no field is empty
header("location:accal3.html");
die();
}

if (!$_POST['resp'])
{
// Makes sure no field is empty
header("location:accal3.html");
die();
}

if ($_POST['password'] != $_POST['password_conf']) { // Check that the entered passwords match
            header("location:accal5.html");
            die();
        }

if (!valida_email($_POST['email'])) { // Check that the entered e-mail is valid
            header("location:accal2b.html");
            die();
}

odbc_exec($connect, "INSERT INTO dbo.Account (name, passwd, email, secretquestion, secretanswer, regdate) VALUES ('$userid', HASHBYTES('MD5', LTRIM(RTRIM('$userid')) + LTRIM(RTRIM('$pass'))), '$email', '$secret', '$resp', GETDATE())");
odbc_close($connect);
?>
<head>
        <link rel="stylesheet" type="text/css" href="regphp.css">
    </head>
<html>
    <body>
        <style type="text/css"></style>
            <a href="https://www.facebook.com/" title="Volver"> </a>
            <br>
            <br>
            <c> Account Registration</c>
            <br>
            <br>
            <br>
            <br>
            <br>
            <br>
            
            
            <b >Username: </b> <br> <d><?php echo $userid;
                            
?></d>
            <br>    
            <br>            
            <b>Password: </b> <br> <d><?php echo $pass;
                            
?> </d>
            <br>
            <br>
            <b>E-mail: </b> <br> <d><?php echo $email;
                            
?> </d>
            <br>
            <br>
            <b>Secret Question: </b> <br> <d><?php echo $secret;
                            
?> </d>
            <br>
            <br>
            <b>Answer: </b> <br> <d><?php echo $resp;
                            
?> </d>
            <br>
            <br>
            <br>
            <br>
            <br>
            <c>Thanks for registering, remember to enter your accountname small!</c>
            <br>
            <br>
            <a href="https://www.facebook.com//" title="Volver">Go to home page!</a>
            <br>        
            
    </body>
</html>
If I register, I get an error:

Warning: odbc_connect(): SQL error: [unixODBC][Driver Manager]Can't open lib 'SQL Server Native Client 10.0' : file not found, SQL state 01000 in SQLConnect in /www/htdocs/MyUserName/MyDomain/register-ingame/register.php on line 8
Can't connect the MSSQL server.
04/15/2017 21:59 krankheit#2
could this help you ?
i would try in the sql studio ? create the connection....

Quote:
$server = "Server IP";
$host = "MSSQL\NAME";
$user = "USER";
$pass = "PW";
$dbname = "DB";
you filled here your right data ?
04/16/2017 17:47 Underfisk#3
An advice: Don't use ODBC :)
I use a lot of MSSQL because Dekaron, an RPG I develop, uses a lot of MSSQL, and while I'm creating websites I just connect like this:

PHP Code:
//config here like yours
$con = mssql_connect($site_config['host'],$site_config['user'],$site_config['pass']);
Just do a connect and when you make a query just call it :)
04/24/2017 08:44 KyoceraZ#4
Quote:
Originally Posted by Underfisk
An advice: Don't use ODBC :)
I use a lot of MSSQL because Dekaron, an RPG I develop, uses a lot of MSSQL, and while I'm creating websites I just connect like this:

PHP Code:
//config here like yours
$con = mssql_connect($site_config['host'],$site_config['user'],$site_config['pass']);
Just do a connect and when you make a query just call it :)
Thanks, I will try it. But where do I add that it must connect to another server? I must insert the server IP of the other server, that's why I need ODBC I guess
04/25/2017 15:40 Underfisk#5
What do you mean with connect to another server? You mean SQL instance or another IP? And I can't get the point of needing another IP.
So you are trying to connect to a server or for 2 at same time.. It's quite confused xd
04/29/2017 19:28 KyoceraZ#6
The mysql is on the webserver with the register script. The gameserver with the MSSQL server is on another server, also the register script is on the URL webserver.elitepvpers.com (samplepage) and the gameserver with MSSQL is on gameserver.elitepvpers.com
Now I need a connection from webserver to gameserver, so I must add an IP to the gameserver on my webserver so that it can write the data in the MSSQL server
04/29/2017 19:34 Alpha#7
Side note: Escape the username & email strings, you've got SQL injection right there
04/29/2017 20:14 KyoceraZ#8
Quote:
Originally Posted by chillout74
Side note: Escape the username & email strings, you've got SQL injection right there
Hm okay..how can I solve that problem?
04/29/2017 23:09 Underfisk#9
Here you go
PHP Code:
function anti_injection($sql)
{
   $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
   $sql = trim($sql);
   $sql = strip_tags($sql);
   $sql = addslashes($sql);
   return $sql;
}
04/30/2017 03:49 atom0s#10
If you are using PHP, just use PDO. Using prepared statements prevents injections. This will protect you from nearly all injection types. You can google for the various other adjustments/settings you can use to prevent from the rest. But using a random regex check on a query is not the way to protect yourself.
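
The PDO prepared-statement approach recommended in the last post, applied to the duplicate check and INSERT from register.php. This is an added example, not code from any poster in the thread. Assumptions: an in-memory SQLite database stands in for the MSSQL server so the script runs offline, the `Account` table is reduced to three columns, and `register_account` is a hypothetical helper name.

```php
<?php
// Added example. In-memory SQLite stands in for MSSQL; against MSSQL only the DSN
// changes, e.g. new PDO('sqlsrv:Server=HOST;Database=DB', $dbUser, $dbPass) with the
// pdo_sqlsrv driver installed (HOST, DB, $dbUser and $dbPass are placeholders).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE Account (name TEXT PRIMARY KEY, passwd TEXT, email TEXT UNIQUE)');

// Hypothetical helper: returns a status string instead of redirecting.
function register_account(PDO $pdo, string $name, string $pass, string $email): string
{
    // Validate the shape the form promises (4-12 characters, no spaces or symbols).
    if (!preg_match('/^[A-Za-z0-9]{4,12}$/', $name)) {
        return 'invalid username';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }

    // Placeholders keep user input out of the SQL text: the driver sends the
    // values separately, so a quote in $email cannot change the statement.
    $check = $pdo->prepare('SELECT COUNT(*) FROM Account WHERE name = ? OR email = ?');
    $check->execute([$name, $email]);
    if ((int) $check->fetchColumn() > 0) {
        return 'already registered';
    }

    // MD5(name + password) mirrors the HASHBYTES call in the thread's INSERT,
    // which the existing game schema dictates; it is computed in PHP here
    // because SQLite has no HASHBYTES.
    $insert = $pdo->prepare('INSERT INTO Account (name, passwd, email) VALUES (?, ?, ?)');
    $insert->execute([$name, md5(trim($name) . trim($pass)), $email]);
    return 'ok';
}

// Constructed sample input. The apostrophe in the address is valid e-mail syntax;
// in the concatenated queries of register.php it would end the string literal,
// here it is stored as plain data.
echo register_account($pdo, 'Kyocera', 'secret12', "o'brien@example.com"), "\n";
echo register_account($pdo, 'Kyocera', 'secret12', "o'brien@example.com"), "\n";
echo register_account($pdo, 'bad name!', 'secret12', 'a@example.com'), "\n";

// The stored row contains the address exactly as submitted.
$row = $pdo->query('SELECT name, email FROM Account')->fetch(PDO::FETCH_ASSOC);
echo $row['name'], ' / ', $row['email'], "\n";
```

Unlike a keyword blacklist, this never rewrites what the user typed, so legitimate values that happen to contain words such as "select" or "from" are stored unchanged.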