Register A9
Discussion on Register A9 within the Dekaron Private Server forum part of the Dekaron category.
06/29/2014, 14:21
|
#1
|
elite*gold: 0
Join Date: Jan 2013
Posts: 100
Received Thanks: 42
|
Register A9
ANTI-SQL INJECT ADD DONE
Credit: Janvier123
Code:
<?php
// fill in your mssql info here
$mssql = array(
    'host' => "localhost",
    'user' => "sa",
    'pass' => "server"
);

// Blacklist filter: strips a few SQL keywords and symbols (case-insensitive),
// then doubles single quotes, which is how T-SQL escapes them. addslashes()
// emits \' and SQL Server does not treat the backslash as an escape character.
function anti_injection($sql) {
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    $sql = str_replace("'", "''", $sql);
    return $sql;
}

echo "<center>";
if (isset($_POST['activ']) && $_POST['activ'] == '1') {
    $accname = anti_injection($_POST['accname']);
    $accmail = anti_injection($_POST['accmail']);
    $accpass1 = anti_injection($_POST['accpass1']);
    $accpass2 = anti_injection($_POST['accpass2']);
    $con = mssql_connect($mssql['host'], $mssql['user'], $mssql['pass']);
    // look the name up with the filtered value, not the raw $_POST input
    $result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE WHERE user_id = '".$accname."'", $con);
    $row1 = mssql_num_rows($result1);
    // user_no = timestamp plus two digits of the microsecond part
    $dk_time = strftime("%y%m%d%H%M%S");
    list($usec1, $sec1) = explode(" ", microtime());
    $dk_user_no = $dk_time.substr($usec1, 2, 2);
    // $date was never set in the posted script; a datetime string for ipt_time is assumed here
    $date = date("Y-m-d H:i:s");
    if (empty($accname) || empty($accpass1) || empty($accpass2) || empty($accmail)) {
        echo "<br>You didn't fill in all fields<a href='javascript:history.back()'>Go Back</a>";
    } elseif ($row1 > 0) {
        echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
    } elseif ($accpass1 != $accpass2) {
        echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
    } elseif ($accpass1 == $accname) {
        echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
    } elseif (!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accname)) {
        echo "<br>Enter an account name only with 0-9, a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
    } elseif (!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accpass1)) {
        echo "<br>Enter a password only with 0-9, a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
    } elseif (!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i", $accmail)) {
        // the e-mail is only format-checked; this script never stores it or looks it up
        echo "<br>Your e-Mail is not correct.<a href='javascript:history.back()'>Go Back</a>";
    } elseif (strlen($accname) < 3 || strlen($accname) > 15) {
        echo "<br>The account name must be between 3 and 15 characters long.<a href='javascript:history.back()'>Go Back</a>";
    } elseif (strlen($accpass1) < 3 || strlen($accpass1) > 15) {
        echo "<br>The password must be between 3 and 15 characters long.<a href='javascript:history.back()'>Go Back</a>";
    } else {
        // only values that passed the 0-9a-zA-Z checks above reach the INSERT
        $accpass = md5($accpass1);
        mssql_query("INSERT INTO account.dbo.USER_PROFILE (user_no,user_id,user_pwd,resident_no,user_type,login_flag,login_tag,ipt_time,login_time,logout_time,user_ip_addr,server_id) VALUES ('$dk_user_no','".$accname."','".$accpass."','801011000000','1','0','Y','".$date."',null,null,null,'000')", $con);
        echo "<center><b><u>The account was successfully created. Have fun !</u></b></center><br><br>";
        echo "<center>Here is your login info again:</center>";
        echo "<center>Your account name is: <b>".$accname."</b></center>";
        echo "<center>Your password is: <b>".$accpass1."</b></center>";
        echo "DO NOT LOSE THIS INFO, YOU MAY WRITE IT DOWN AND HIDE IT";
    }
} else {
    $con = mssql_connect($mssql['host'], $mssql['user'], $mssql['pass']);
    $result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE", $con);
    $row1 = mssql_num_rows($result1);
    echo "<center><b><u>This time we have ".$row1." Registered Accounts on our Server<br>Join us.</u></b></center><br>";
    // PHP_SELF is request-derived, so it is HTML-escaped before going into the attribute
    echo "<form action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."' method='POST'>";
    echo "<center><table>";
    echo "<tr><td colspan='2' align='center'><b><u>Your Account Info</u></b></td></tr>";
    echo "<tr><td>Account Name</td><td><input type='text' name='accname' maxlength='12'></td></tr>";
    echo "<tr><td>Password</td><td><input type='password' name='accpass1' maxlength='12'></td></tr>";
    echo "<tr><td>Again pass.</td><td><input type='password' name='accpass2' maxlength='12'></td></tr>";
    echo "<tr><td> </td><td> </td></tr>";
    echo "<tr><td colspan='2' align='center'><b><u>Other account info</u></b></td></tr>";
    echo "<tr><td>Email</td><td><input type='text' name='accmail' maxlength='50'></td></tr>";
    echo "<tr><td> </td><td> </td></tr>";
    echo "<tr><td colspan='2' align='center'>
    <input type='hidden' name='activ' value='1'>
    <input type='submit' value='Create Account'></td></tr>";
    echo "</table></center>";
    echo "</form>";
}
echo "</center>";
?>
|
|
|
06/29/2014, 14:42
|
#2
|
elite*gold: 0
Join Date: Mar 2013
Posts: 294
Received Thanks: 91
|
Thanks
|
|
|
06/29/2014, 15:35
|
#3
|
elite*gold: 0
Join Date: Jun 2013
Posts: 573
Received Thanks: 342
|
Don't have anti sql inject..
Not secure.
|
|
|
06/29/2014, 15:37
|
#4
|
elite*gold: 0
Join Date: Mar 2013
Posts: 294
Received Thanks: 91
|
Not secure but work
we need add anti-sql injection
|
|
|
06/29/2014, 16:44
|
#5
|
elite*gold: 0
Join Date: Jan 2013
Posts: 100
Received Thanks: 42
|
Quote:
Originally Posted by Farius~
Don't have anti sql inject..
Not secure.
|
Farius you so need add anti-sql inject Done ehehehe
Easy work !!!
|
|
|
06/29/2014, 16:53
|
#6
|
elite*gold: 0
Join Date: Jul 2006
Posts: 46
Received Thanks: 17
|
make it pdo. mssql_query is so outdated lol
|
|
|
06/29/2014, 17:10
|
#7
|
elite*gold: 0
Join Date: Jan 2013
Posts: 100
Received Thanks: 42
|
Quote:
Originally Posted by Hittman
make it pdo. mssql_query is so outdated lol
|
srry Hittman you pro me no
|
|
|
06/29/2014, 17:16
|
#8
|
elite*gold: 0
Join Date: Jul 2006
Posts: 46
Received Thanks: 17
|
I'll modify it once I'm home tonight and update this post.
|
|
|
06/29/2014, 17:24
|
#9
|
elite*gold: 0
Join Date: Jan 2013
Posts: 100
Received Thanks: 42
|
Quote:
Originally Posted by Hittman
I'll modify it once I'm home tonight and update this post.
|
tnx ehehehe
|
|
|
06/30/2014, 09:57
|
#10
|
elite*gold: 20
Join Date: Nov 2007
Posts: 2,854
Received Thanks: 1,891
|
You did not add anything to the script, either have my credits added or I'll have it removed!
|
|
|
06/30/2014, 11:02
|
#11
|
elite*gold: 0
Join Date: Jan 2013
Posts: 100
Received Thanks: 42
|
Quote:
Originally Posted by janvier123
You did not add anything to the script, either have my credits added or I'll have it removed!

|
SRRY JNVIER GOING TO PUT NOW
|
|
|
06/30/2014, 12:44
|
#12
|
elite*gold: 0
Join Date: Mar 2014
Posts: 77
Received Thanks: 2
|
Help us by LostParadise 23
Please help me
|
|
|
06/30/2014, 13:02
|
#13
|
elite*gold: 0
Join Date: Jul 2006
Posts: 46
Received Thanks: 17
|
Just some very quickly written code, can be buggy. I'll make a class of it when I'm bored. Untested!
PHP Code:
<!-- Simple style block for the form -->
<style type="text/css">
body { background-color: #ccc; }
input { width: 200px; background-color: #666; border: 1px solid #000; color: #fff; height: 25px; padding-left: 5px; margin-bottom: 3px; }
input:hover { background-color: #333; }
input[type=submit]:hover { cursor: pointer; }
</style>
<?php
function AddAccount($user, $pass, $pass2) {
    # Config settings. Change it to your server, username, password and connection type.
    $dbType = "odbc08"; # Types: sqlsrv (need drivers), odbc08 (SQL Server 2008 and below), odbc12 (SQL Server 2012)
    $dbServer = "localhost"; # SQL Server Name / IP
    $dbName = "Account"; # Database name
    $dbUser = "user"; # SQL Server Username
    $dbPass = "pass"; # SQL Server Password

    # Don't touch unless you know what you are doing.
    # Both statements use ? placeholders; user input is only ever passed as a bound parameter.
    $adduser = "INSERT INTO USER_PROFILE (user_no,user_id,user_pwd,resident_no,user_type,login_flag,login_tag,server_id) VALUES (?,?,?,'801011000000','1','0','Y','000')";
    $getuser = "SELECT user_id FROM USER_PROFILE WHERE user_id = ?";
    $dk_time = strftime("%y%m%d%H%M%S");
    list($usec1, $sec1) = explode(" ", microtime());
    $user_no = $dk_time.substr($usec1, 2, 2);
    $auparams = array($user_no, $user, md5($pass));
    $guparams = array($user);

    if (empty($user) || empty($pass) || empty($pass2)) {
        echo "<br>You didn't fill in all fields. <a href='javascript:history.back()'>Go Back</a>";
    } elseif ($pass != $pass2) {
        echo "<br>The passwords do not match. <a href='javascript:history.back()'>Go Back</a>";
    } elseif ($pass == $user) {
        echo "<br>The username and password can't be the same. <a href='javascript:history.back()'>Go Back</a>";
    } elseif (!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $user)) {
        echo "<br>Enter a username with only 0-9, a-z and A-Z. <a href='javascript:history.back()'>Go Back</a>";
    } elseif (!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $pass)) {
        echo "<br>Enter a password with only 0-9, a-z and A-Z. <a href='javascript:history.back()'>Go Back</a>";
    } elseif (strlen($user) < 3 || strlen($user) > 15) {
        echo "<br>The username must be between 3 and 15 characters long. <a href='javascript:history.back()'>Go Back</a>";
    } elseif (strlen($pass) < 3 || strlen($pass) > 15) {
        echo "<br>The password must be between 3 and 15 characters long. <a href='javascript:history.back()'>Go Back</a>";
    } else {
        switch ($dbType) {
            case 'sqlsrv':
                $connectionInfo = array("Database" => $dbName, "UID" => $dbUser, "PWD" => $dbPass);
                $conn = sqlsrv_connect($dbServer, $connectionInfo);
                if ($conn === false) {
                    die(print_r(sqlsrv_errors(), true));
                }
                $gd = sqlsrv_query($conn, $getuser, $guparams);
                if ($gd === false) {
                    die(print_r(sqlsrv_errors(), true));
                }
                # sqlsrv_num_rows() returns false on the default forward-only cursor,
                # so the duplicate check uses sqlsrv_has_rows() instead.
                if (sqlsrv_has_rows($gd)) {
                    echo "<br>This username is already registered. <a href='javascript:history.back()'>Go Back</a>";
                } else {
                    $stmt = sqlsrv_query($conn, $adduser, $auparams);
                    if ($stmt === false) {
                        die(print_r(sqlsrv_errors(), true));
                    } else {
                        return 1;
                    }
                }
                break;
            case 'odbc08':
            case 'odbc12':
                # Native Client 10.0 for odbc08, 11.0 for odbc12; the rest of the two cases was identical.
                $driver = ($dbType == 'odbc12') ? "SQL Server Native Client 11.0" : "SQL Server Native Client 10.0";
                $conn = odbc_connect("Driver={" . $driver . "};Server=" . $dbServer . ";Database=" . $dbName . ";", $dbUser, $dbPass);
                if ($conn === false) {
                    die(odbc_errormsg());
                }
                $gd = odbc_prepare($conn, $getuser);
                $gdexe = odbc_execute($gd, $guparams);
                # odbc_num_rows() is not reliable for SELECT (many drivers return -1),
                # so the duplicate check tries to fetch a row instead.
                if ($gdexe && odbc_fetch_row($gd)) {
                    echo "<br>This username is already registered. <a href='javascript:history.back()'>Go Back</a>";
                } else {
                    $stmt = odbc_prepare($conn, $adduser);
                    $execute = odbc_execute($stmt, $auparams);
                    if ($execute === false) {
                        die(odbc_errormsg($conn));
                    } else {
                        return 1;
                    }
                }
                break;
        }
    }
}

if (isset($_POST['register'])) {
    # AddAccount() returns 1 only after a successful INSERT; the username and
    # password echoed here have already passed the 0-9a-zA-Z checks.
    if (AddAccount($_POST['username'], $_POST['password'], $_POST['password2']) == 1) {
        echo 'Account registered.';
        echo '<br><strong>Username:</strong> ' . $_POST['username'];
        echo '<br><strong>Password:</strong> ' . $_POST['password'];
    } else {
        echo '<br><br>Registration failed.';
    }
} else {
    # Register form, I don't provide styling.
?>
<form method="post">
<input type="text" name="username" placeholder="Username" /><br>
<input type="password" name="password" placeholder="Password" /><br>
<input type="password" name="password2" placeholder="Repeat password" /><br>
<input type="submit" name="register" value="Register" />
</form>
<?php
}
?>
|
|
|
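A parameterised registration path of the kind post #6 asks for ("make it pdo"), as an added example that is not code from anyone in this thread: PDO with bound parameters, and allow-list validation before any query runs. The in-memory SQLite table, the function names `account_exists` and `register_account`, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. An in-memory SQLite table stands in for
// account.dbo.USER_PROFILE so this runs offline (needs pdo_sqlite); against
// SQL Server only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE USER_PROFILE (user_no TEXT, user_id TEXT PRIMARY KEY, user_pwd TEXT)');

// Bound parameter: the value travels separately from the SQL text, so quotes
// and keywords in it are compared as data, never parsed as SQL.
function account_exists(PDO $pdo, $user) {
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM USER_PROFILE WHERE user_id = ?');
    $stmt->execute(array($user));
    return (int) $stmt->fetchColumn() > 0;
}

function register_account(PDO $pdo, $user, $pass, $pass2) {
    // Allow-list validation on the raw input, before any query.
    // The D modifier stops "$" from also matching before a trailing newline.
    if (!is_string($user) || !preg_match('/^[0-9a-zA-Z]{3,15}$/D', $user)) return 'bad username';
    if (!is_string($pass) || !preg_match('/^[0-9a-zA-Z]{3,15}$/D', $pass)) return 'bad password';
    if ($pass !== $pass2) return 'passwords differ';
    if ($pass === $user) return 'password equals username';
    if (account_exists($pdo, $user)) return 'username taken';

    // Same id scheme as the thread: timestamp plus two microsecond digits.
    $user_no = date('ymdHis') . substr(microtime(), 2, 2);
    $ins = $pdo->prepare('INSERT INTO USER_PROFILE (user_no, user_id, user_pwd) VALUES (?, ?, ?)');
    // md5() only because both scripts in the thread store the password that way.
    $ins->execute(array($user_no, $user, md5($pass)));
    return 'ok';
}

// Constructed inputs: a normal signup, a repeat of it, and a name with quotes.
$cases = array(
    array('player01', 'secret99', 'secret99'),
    array('player01', 'other123', 'other123'),
    array("x' OR '1'='1", 'secret99', 'secret99'),
);
foreach ($cases as $c) {
    echo str_pad($c[0], 14), ' => ', register_account($pdo, $c[0], $c[1], $c[2]), "\n";
}
// The quoted name is looked up as a literal string when bound, even with no filtering.
var_dump(account_exists($pdo, "x' OR '1'='1"));
```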