After 1 week! I did it!

06/03/2018 21:23 tiaguim#1

PHP Code:


			
<?php

$serverName = "(local)";

$connectionInfo = array( "Database"=>"account", "UID"=>"tiaguim", "PWD"=>"1234" );

$conn = sqlsrv_connect( $serverName, $connectionInfo);

if( $conn === false ) {

     die( print_r( sqlsrv_errors(), true));

}







$sql = "INSERT INTO Tbl_user (user_no, user_id) VALUES (?, ?)";

$params = array("09101410275567", "tiaguim32");



$stmt = sqlsrv_query( $conn, $sql, $params);

if( $stmt === false ) {

     die( print_r( sqlsrv_errors(), true));

}

?>

HERE IT IS!! A working code! Finally! The solution was update the SQL server for 2008 and some tweaks here and there and voal�!
I code made by me! Working! Yeyyyy! Now i've to polish this up!

06/04/2018 12:39 yarin1115#2

Quote:

Originally Posted by tiaguim

PHP Code:

<?php $serverName = "(local)"; $connectionInfo = array( "Database"=>"account", "UID"=>"tiaguim", "PWD"=>"1234" ); $conn = sqlsrv_connect( $serverName, $connectionInfo); if( $conn === false ) { die( print_r( sqlsrv_errors(), true)); } $sql = "INSERT INTO Tbl_user (user_no, user_id) VALUES (?, ?)"; $params = array("09101410275567", "tiaguim32"); $stmt = sqlsrv_query( $conn, $sql, $params); if( $stmt === false ) { die( print_r( sqlsrv_errors(), true)); } ?>

What is it register?

06/04/2018 13:31 tiaguim#3

For dekaron PSERVER :D

06/04/2018 17:26 yarin1115#4

I didn't checked it yet, but you made Tbl_user only, what about USER_PROFILE?

06/04/2018 20:17 tiaguim#5

That was only a glimpse of the code! :D

Here's the one that i build until now!

PHP Code:


			
<?php

$serverName = "(local)";

$connectionInfo = array( "Database"=>"account", "UID"=>"tiaguim", "PWD"=>"1234" );

$connectionInfo2 = array( "Database"=>"cash", "UID"=>"tiaguim", "PWD"=>"1234" );

$conn = sqlsrv_connect( $serverName, $connectionInfo);

$conn2 = sqlsrv_connect( $serverName, $connectionInfo2);

if( $conn === false ) {

     die( print_r( sqlsrv_errors(), true));

}

//Random numero do ID de utilizador

$dk_time=strftime("%y%m%d%H%M%S");

list($usec1, $sec1) = explode(" ",microtime());

$dk_user_no=$dk_time.substr($usec1,2,2);



//Pegar valores do index

$UsuarioID = $_POST['input1'];

$Password = md5($_POST['input2']);



//Verificar e Password Md5





//Tbl_user

$sql = "INSERT INTO Tbl_user (user_no, user_id, user_pwd) VALUES (?,?,?)";

$params = array($dk_user_no, "$UsuarioID", "$Password");



$stmt = sqlsrv_query( $conn, $sql, $params);

if( $stmt === false ) {

     die( print_r( sqlsrv_errors(), true));

}



//USER_PROFILE

$sql2 = "INSERT INTO USER_PROFILE (user_no, user_id, user_pwd) VALUES (?,?,?)";

$params2 = array($dk_user_no, "$UsuarioID", "$Password");



$stmt2 = sqlsrv_query( $conn, $sql2, $params2);

if( $stmt2 === false) {

    die( print_r( sqlsrv_errors(), true));

}



//user_cash

$sql3 = "INSERT INTO user_cash (id, user_no, group_id, amount, free_amount) VALUES (?,?,?,?,?)";

$params3 = array($dk_user_no, $dk_user_no,"01","10000","0" );



$stmt3 = sqlsrv_query( $conn2, $sql3, $params3);

if ($stmt3 === false) {

    die( print_r( sqlsrv_errors(), true));

}



Echo "Sucess!";

?>

I also have this little HTML form

HTML Code:

<form action="Processar.php" method="post" />
<p>Usuario: <input type="text" name="input1" /></p>
<p>Senha: <input type="password" name="input2" /></p>
<input type="submit" name="register" value="Registar" />
</form>

06/04/2018 23:33 [DEV]Dekaron#6

Nice work

06/05/2018 00:06 tiaguim#7

Thanks a lot! @[Only registered and activated users can see links. Click Here To Register...] I'm still working here! Maybe today i will post more code!

06/05/2018 12:45 louisxsyla#8

need any help with php+SQL?

06/05/2018 15:00 tiaguim#9

@[Only registered and activated users can see links. Click Here To Register...] This is problably the final code, if you can see something that it can be corrected, feel free to say it :D

PHP Code:


			
<?php

$serverName = "(local)";

$connectionInfo = array( "Database"=>"account", "UID"=>"tiaguim", "PWD"=>"1234" );

$connectionInfo2 = array( "Database"=>"cash", "UID"=>"tiaguim", "PWD"=>"1234" );

$conn = sqlsrv_connect( $serverName, $connectionInfo);

$conn2 = sqlsrv_connect( $serverName, $connectionInfo2);

if( $conn === false ) {

     die( print_r( sqlsrv_errors(), true));

}

//Random numero do ID de utilizador

$dk_time=strftime("%y%m%d%H%M%S");

list($usec1, $sec1) = explode(" ",microtime());

$dk_user_no=$dk_time.substr($usec1,2,2);



//Pegar valores do index

$UsuarioID = $_POST['input1'];

$Password = md5($_POST['input2']);

$Mail = $_POST['input3'];

$Pergunt = $_POST['input4'];

$Respost = $_POST['input5'];



//Bot�o Pressionado

if(isset($_POST['register'])){

    

$Loginsql = "select user_id from Tbl_user where user_id='$UsuarioID'";

$params2 = array();

$options =  array( "Scrollable" => "buffered" );





$qLogin = sqlsrv_query($conn, $Loginsql, $params2, $options);

$rLogin = sqlsrv_num_rows($qLogin);





$Mailsql = "select user_mail from Tbl_user where user_mail='$Mail'";



$qEmail = sqlsrv_query($conn, $Mailsql, $params2, $options);

$rEmail = sqlsrv_num_rows($qEmail);



if(empty($UsuarioID) || empty($Password) || empty($Mail) || empty($Pergunt) || empty($Respost)) {

echo "Preencha todos os campos corretamente";

}

elseif($rLogin >= 1){

die("Esse usuario j� existe");

}

elseif($rEmail >= 1){

die("Esse email j� existe");

}

else{





//Tbl_user

$sql = "INSERT INTO Tbl_user (user_no, user_id, user_pwd, user_mail, user_answer, user_question, IP) VALUES (?,?,?,?,?,?,?)";

$params = array($dk_user_no, $UsuarioID, $Password, $Mail, $Respost, $Pergunt, null);



$stmt = sqlsrv_query( $conn, $sql, $params);

if( $stmt === false ) {

     die( print_r( sqlsrv_errors(), true));

}



//USER_PROFILE

$sql2 = "INSERT INTO USER_PROFILE (user_no, user_id, user_pwd) VALUES (?,?,?)";

$params2 = array($dk_user_no, $UsuarioID, $Password);



$stmt2 = sqlsrv_query( $conn, $sql2, $params2);

if( $stmt2 === false) {

    die( print_r( sqlsrv_errors(), true));

}



//user_cash

$sql3 = "INSERT INTO user_cash (id, user_no, group_id, amount, free_amount) VALUES (?,?,?,?,?)";

$params3 = array($dk_user_no, $dk_user_no,"01","10000","0" );



$stmt3 = sqlsrv_query( $conn2, $sql3, $params3);

if ($stmt3 === false) {

    die( print_r( sqlsrv_errors(), true));

}

Echo "Your account have been registered!";

}

}

?>

The html code is also here

HTML Code:

<htlm>
<title>RyuDekaron</title>

<body bgcolor="#000000">
<div align="center">
<form action="Processar.php" method="post" />
<p><font color="#ffffff"> Usuario: </font><br> 
<input type="text" name="input1" maxlength="16" color="#FFFFFF" /></p>
<p><font color="#ffffff"> Senha: </font><br> 
<input type="password" name="input2" maxlength="32"/></p>
<p><font color="#ffffff"> Email: </font><br>
<input type="email" name="input3" maxlength="50" /></p>
<p><font color="#ffffff"> Pergunta Secreta: </font><br> 
<input type="text" name="input4" maxlength="22" /></p>
<p><font color="#ffffff"> Resposta Secreta: </font><br> 
<input type="text" name="input5" maxlength="22" /></p>
<input type="submit" name="register" value="Registar" />
</div>
</body>
</form>
</html>

Final Result!

PHP Code:


			
<?php

$serverName = "(local)";

$connectionInfo = array( "Database"=>"account", "UID"=>"tiaguim", "PWD"=>"1234" );

$connectionInfo2 = array( "Database"=>"cash", "UID"=>"tiaguim", "PWD"=>"1234" );

$conn = sqlsrv_connect( $serverName, $connectionInfo);

$conn2 = sqlsrv_connect( $serverName, $connectionInfo2);

if( $conn === false ) {

     die( print_r( sqlsrv_errors(), true));

}

//Random numero do ID de utilizador

$dk_time=strftime("%y%m%d%H%M%S");

list($usec1, $sec1) = explode(" ",microtime());

$dk_user_no=$dk_time.substr($usec1,2,2);



//Pegar valores do index

$UsuarioID = $_POST['input1'];

$Password = md5($_POST['input2']);

$Mail = $_POST['input3'];

$Pergunt = $_POST['input4'];

$Respost = $_POST['input5'];



//Bot�o Pressionado

if(isset($_POST['register'])){

    

$Loginsql = "select user_id from Tbl_user where user_id='$UsuarioID'";

$params2 = array();

$options =  array( "Scrollable" => "buffered" );





$qLogin = sqlsrv_query($conn, $Loginsql, $params2, $options);

$rLogin = sqlsrv_num_rows($qLogin);





$Mailsql = "select user_mail from Tbl_user where user_mail='$Mail'";



$qEmail = sqlsrv_query($conn, $Mailsql, $params2, $options);

$rEmail = sqlsrv_num_rows($qEmail);



if(empty($UsuarioID) || empty($Password) || empty($Mail) || empty($Pergunt) || empty($Respost)) {

echo "Preencha todos os campos corretamente, volte para a p�gina <a href='http://25.81.112.243/Ryudekaron.html'> inicial <a/>";

}

elseif($rLogin >= 1){

die("Esse usuario j� existe, volte para a p�gina <a href='http://25.81.112.243/Ryudekaron.html'> inicial <a/>");

}

elseif($rEmail >= 1){

die("Esse email j� existe, volte para a p�gina <a href='http://25.81.112.243/Ryudekaron.html'> inicial <a/>");

}

else{



//Dia hora data

$dia = (strftime("%x %X"));







//Tbl_user

$sql = "INSERT INTO Tbl_user (user_no, user_id, user_pwd, user_mail, user_answer, user_question, IP) VALUES (?,?,?,?,?,?,?)";

$params = array($dk_user_no, $UsuarioID, $Password, $Mail, $Respost, $Pergunt, null);



$stmt = sqlsrv_query( $conn, $sql, $params);

if( $stmt === false ) {

     die( print_r( sqlsrv_errors(), true));

}



//USER_PROFILE

$sql2 = "INSERT INTO USER_PROFILE (user_no, user_id, user_pwd, resident_no, user_type, login_flag, login_tag, ipt_time, login_time, logout_time, user_ip_addr, server_id) VALUES (?,?,?,?,?,?,?,?,?,?,CAST('?' AS VARBINARY(4)),?)";

$params2 = array($dk_user_no, $UsuarioID, $Password, "801011000000", "1", "0", "Y", $dia, null, null, null, "000");



$stmt2 = sqlsrv_query( $conn, $sql2, $params2);

if( $stmt2 === false) {

    die( print_r( sqlsrv_errors(), true));

}



//user_cash

$sql3 = "INSERT INTO user_cash (id, user_no, group_id, amount, free_amount) VALUES (?,?,?,?,?)";

$params3 = array($dk_user_no, $dk_user_no,"01","10000","0" );



$stmt3 = sqlsrv_query( $conn2, $sql3, $params3);

if ($stmt3 === false) {

    die( print_r( sqlsrv_errors(), true));

}

Echo "Sua conta foi registada com sucesso!";

}

}

?>

I think it's pretty neet xD "Must of the stuff is in Portuguese, because i'm Portuguese, but i can converto the guidelines to english if you want" xD

06/06/2018 22:48 Synns#10

A basic registration, but it looks good.... as a tip if it's not for personal use you should add sql injection-safe because many people like to see these security holes. You can also consider it as an improvement in your script... but nice work

06/06/2018 23:27 tiaguim#11

Quote:

Originally Posted by Synns

A basic registration, but it looks good.... as a tip if it's not for personal use you should add sql injection-safe because many people like to see these security holes. You can also consider it as an improvement in your script... but nice work

Sorry for my ignorance, but i don't know what is a SQL injection-safe xDDD