[RELEASE] Simple login Script (with anti SQL inject)

02/08/2010 10:57 janvier123#1
Just a simple login script, nothing fancy about it,
but added with Anti SQL inject !

DO NOT USE THIS SCRIPT!

if you got a error, please reply with a error code
have fun !
@Mod this is not a double topic, its 2 different scripts so ... to prevent any confusion :)
@Everyone THIS IS MADE FOR DEKARON SO IAM POSTING IN THE RIGHT SECTION :bandit:
02/08/2010 12:00 gedimazs#2
you can make reg page with anti SQL injection :)
02/08/2010 12:06 janvier123#3
sure

EDIT: [Only registered and activated users can see links. Click Here To Register...]
tested and working
08/08/2012 20:23 Hesorio1u#4
Hello janvier123 i need your help.
O.k lets me explain ( sorry for my bad language )
i have my own site ( I made it in Dreamweaver )
So i wanna insert a that login script
but they have much bugs lets me shows main orginal page:
[Only registered and activated users can see links. Click Here To Register...]
and there is pic bugged ? can u fix it or explain me why this apear?
Problem pic: [Only registered and activated users can see links. Click Here To Register...]
:D
08/08/2012 21:34 janvier123#5
what are you using as webserver ?
08/09/2012 00:21 Hesorio1u#6
Currectly i'm using a xampp. While i finish the website .i'll do public.
08/09/2012 07:40 janvier123#7
i think you did not save the file as ".php"
08/09/2012 15:02 Hesorio1u#8
I HAVE ALL FILES
08/13/2012 22:39 Hesorio1u#9
hey javnier. u got Deathfront time script ?
08/28/2013 19:39 Scythey#10
i get this error code
Fatal error: Call to undefined function mssql_connect() in C:\xampp\htdocs\register.php on line 12
10/30/2014 14:37 akosicamar2#11
true.. me too! at line 12
10/30/2014 16:21 janvier123#12
[Only registered and activated users can see links. Click Here To Register...])
10/30/2014 18:17 fastswipe#13
Quote:
Originally Posted by Scythey View Post
i get this error code
Fatal error: Call to undefined function mssql_connect() in C:\xampp\htdocs\register.php on line 12
Line 12:
Code:
$CONFIG['conn']  = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);
Okay so what we have here is a array, the array is called CONFIG, the config has different stuff in it, for example $CONFIG['host'].

Think of an array as a box and you can put different stuff in it, and to access those stuff you need to specify it such as $CONFIG <- the box.
And the item you want for example $CONFIG['brain'], and if we take a closer look at your problems which i assume is HOST USER & PASS

They are being set at the top of the page.

$CONFIG['host'] = "localhost";
$CONFIG['user'] = "sa";
$CONFIG['pass'] = "server";


But the problem is not within the code its because you don't have the
right version of php or dll, since the code does not know how to read the function mssql_connect. this brings is to Janvier123's let me google that for you. I assume your too lazy to read but if you are, i found a youtube clip that might help you.


DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!

I added some css to it, just in case someone is still working on their main website and wanna use the script meanwhile.



Code:
<style type="text/css">
* {
    padding: 0;
    margin: 0;
}

body {
    background-color: #444;
}

.big {
    width: 500px;
    padding: 10px;
    margin-top: 5px;
    border-radius: 2px;
    border: none;
}

.button {
    width: 150px;
    padding: 10px;
    margin-left: 175px;
    margin-top: 5px;
    border-radius: 3px;
    border: none;
}

fieldset {
    width: 500px;
    padding: 10px;
    margin: auto;
    margin-top: 200px;
}

legend {
    color: white;
    font-family: helvetica;
    font-size: 20px;
}

a {
    text-decoration: underline;
    color: white;

}

</style>
<?php
/*echo 'Current PHP version: ' . phpversion();
// Edit your mssql info here
// BEGIN MSSQL INFO
$CONFIG['host'] = "localhost";
$CONFIG['user'] = "sa";
$CONFIG['pass'] = "server";
// END MSSQL INFO

//----------------------------- DO NOT EDIT ANYTHING BELOW HERE !!!!! ------------------------------------

$CONFIG['conn']  = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

function anti_injection($sql) {
   $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
   $sql = trim($sql);
   $sql = strip_tags($sql);
   $sql = addslashes($sql);
   return $sql;
}
//----------------------------------------------------------------------------------------------------------

if(isset($_GET['action']) && ($_GET['action'] == "login")){

    $user = anti_injection($_POST['user']);
    $pass = anti_injection($_POST['pass']);
    $crypt_pass = md5($pass);
        
    $result1 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'"); 
    $count1 = mssql_num_rows($result1); 

    $result2 = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'"); 
    $row2 = mssql_fetch_row($result2); 

    if($count1 == '0') {
        echo '<br>This game account is not found in the database.';
    }
    elseif($row2[0] != $crypt_pass) {
        echo '<br>Wrong password. Try again.';
    }
    elseif($_GET['login'] != 'login' && $count1 == '0') {
        echo '<br>Login Error, Please login again.';
    } else {
    
    // Begin secure content 
        $_SESSION['user'] = $user;
        echo "<h3>Welcome, ".$_SESSION['user']."</h3>";
        echo "<br>";
        echo "Your content here";
    // Dont forget to and your session
    // session_destroy();
    // End secure content
    }
} else {
  */
echo '<fieldset><legend>Login By <a href="http://www.elitepvpers.com/forum/dekaron-private-server/452255-release-simple-login-script-anti-sql-inject.html">Janvier123</a></legend></br>
    <form name="" action="'.$_SERVER['php_self'].'?action=login" method="post"> 
        <input class="big" type="text" name="user" maxlength="16" placeholder="Username"><br /> 
        <input class="big" type="password" name="pass" maxlength="16" placeholder="Password"> <br />
        <input class="button" type="submit" value="Login!"> 
    </form></fieldset>';
//}
?>