|
register.php
Quote:
Zitat:
Code:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
$script = $_SERVER[PATH_TRANSLATED];
$fp = fopen ("[WEB]SQL_Injection.txt", "a+");
$sql_inject_1 = array(";","'","%",'"'); #Whoth need replace
$sql_inject_2 = array("", "","","""); #To wont replace
$GET_KEY = array_keys($_GET); #array keys from $_GET
$POST_KEY = array_keys($_POST); #array keys from $_POST
$COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE
/*begin clear $_GET */
for($i=0;$i<count($GET_KEY);$i++)
{
$real_get[$i] = $_GET[$GET_KEY[$i]];
$_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]]));
if($real_get[$i] != $_GET[$GET_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: GET\r\n");
fwrite ($fp, "Value: $real_get[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_GET */
/*begin clear $_POST */
for($i=0;$i<count($POST_KEY);$i++)
{
$real_post[$i] = $_POST[$POST_KEY[$i]];
$_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]]));
if($real_post[$i] != $_POST[$POST_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: POST\r\n");
fwrite ($fp, "Value: $real_post[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_POST */
/*begin clear $_COOKIE */
for($i=0;$i<count($COOKIE_KEY);$i++)
{
$real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
$_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]]));
if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: COOKIE\r\n");
fwrite ($fp, "Value: $real_cookie[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_COOKIE */
fclose ($fp);
?>
<?php
ini_set('display_errors', 0);
$connection = mssql_connect('xxx', 'xxx', 'xxx'); //Change YOURHOST and YOURPASSWORD
if(!connection || !mssql_select_db('ACCOUNT_DBF', $connection))
{
die('Unable to connect or select database!');
}
$checkusername = $_POST['Username'];
$query = mssql_query("SELECT account FROM ACCOUNT_TBL WHERE account = '$checkusername'");
$result = mssql_fetch_row($query);
if(isset($_POST['submit'])){
if($_POST['Username'] == ""){
$error = '<font color="red"><b>Please enter a username.</b></font>';
}
else if($result[0] == $checkusername){
$error = '<font color="red"><b>This username already exists. Please choose another one.</b></font>';
}
else if($_POST['Password'] == ""){
$error = '<font color="red"><b>Please enter a password.</b></font>';
}
else{
$password = md5('kikugalanet' . $_POST['Password']);
$stmt = mssql_init('webCreateAcc', $connection);
mssql_bind($stmt, '@account', $checkusername, SQLVARCHAR, false, false, 15);
mssql_bind($stmt, '@password', $password, SQLVARCHAR, false, false, 36);
mssql_bind($stmt, '@birthday', $checkusername, SQLVARCHAR, false, false, 120);
mssql_bind($stmt, '@email', $checkusername, SQLVARCHAR, false, false, 120);
mssql_execute($stmt) or die ("Could not complete the registration. Please try again.");
mssql_free_statement($stmt);
$error = '<font color="green"><b>Registration complete!</b></font>';
}
}
echo '<form action="register.php" method="post">';
echo 'Username: &nbs p; <input type="text" name="Username" /><br /><br />';
echo 'Password: &nbs p; <input type="password" name="Password" /><br /><br />';
echo '<input type="submit" name="submit" value="Register" />   ;& nbsp';
echo '</form>';
echo $error;
?>
|
|