[RELEASE] Simple login Script (with anti SQL inject)

janvier123 · 02/08/2010, 10:57

Just a simple login script, nothing fancy about it,
but added with Anti SQL inject !

DO NOT USE THIS SCRIPT!

if you got a error, please reply with a error code
have fun !
@Mod this is not a double topic, its 2 different scripts so ... to prevent any confusion

@Everyone THIS IS MADE FOR DEKARON SO IAM POSTING IN THE RIGHT SECTION

gedimazs · 02/08/2010, 12:00

you can make reg page with anti SQL injection

janvier123 · 02/08/2010, 12:06

sure

EDIT:

tested and working

~~Hesorio1u~~ · 08/08/2012, 20:23

Hello janvier123 i need your help.
O.k lets me explain ( sorry for my bad language )
i have my own site ( I made it in Dreamweaver )
So i wanna insert a that login script
but they have much bugs lets me shows main orginal page:

and there is pic bugged ? can u fix it or explain me why this apear?
Problem pic:

janvier123 · 08/08/2012, 21:34

what are you using as webserver ?

~~Hesorio1u~~ · 08/09/2012, 00:21

Currectly i'm using a xampp. While i finish the website .i'll do public.

janvier123 · 08/09/2012, 07:40

i think you did not save the file as ".php"

~~Hesorio1u~~ · 08/09/2012, 15:02

I HAVE ALL FILES

~~Hesorio1u~~ · 08/13/2012, 22:39

hey javnier. u got Deathfront time script ?

Scythey · 08/28/2013, 19:39

i get this error code
Fatal error: Call to undefined function mssql_connect() in C:\xampp\htdocs\register.php on line 12

akosicamar2 · 10/30/2014, 14:37

true.. me too! at line 12

janvier123 · 10/30/2014, 16:21

)

fastswipe · 10/30/2014, 18:17

Quote:

Originally Posted by Scythey

i get this error code
Fatal error: Call to undefined function mssql_connect() in C:\xampp\htdocs\register.php on line 12

Line 12:

Code:

$CONFIG['conn']  = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

Okay so what we have here is a array, the array is called CONFIG, the config has different stuff in it, for example $CONFIG['host'].

Think of an array as a box and you can put different stuff in it, and to access those stuff you need to specify it such as $CONFIG <- the box.
And the item you want for example $CONFIG['brain'], and if we take a closer look at your problems which i assume is HOST USER & PASS

They are being set at the top of the page.

$CONFIG['host'] = "localhost";
$CONFIG['user'] = "sa";
$CONFIG['pass'] = "server";

But the problem is not within the code its because you don't have the
right version of php or dll, since the code does not know how to read the function mssql_connect. this brings is to Janvier123's let me google that for you. I assume your too lazy to read but if you are, i found a youtube clip that might help you.

DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!
DONT FORGET TO THANK Janvier123!

I added some css to it, just in case someone is still working on their main website and wanna use the script meanwhile.

Code:

<style type="text/css">
* {
    padding: 0;
    margin: 0;
}

body {
    background-color: #444;
}

.big {
    width: 500px;
    padding: 10px;
    margin-top: 5px;
    border-radius: 2px;
    border: none;
}

.button {
    width: 150px;
    padding: 10px;
    margin-left: 175px;
    margin-top: 5px;
    border-radius: 3px;
    border: none;
}

fieldset {
    width: 500px;
    padding: 10px;
    margin: auto;
    margin-top: 200px;
}

legend {
    color: white;
    font-family: helvetica;
    font-size: 20px;
}

a {
    text-decoration: underline;
    color: white;

}

</style>
<?php
/*echo 'Current PHP version: ' . phpversion();
// Edit your mssql info here
// BEGIN MSSQL INFO
$CONFIG['host'] = "localhost";
$CONFIG['user'] = "sa";
$CONFIG['pass'] = "server";
// END MSSQL INFO

//----------------------------- DO NOT EDIT ANYTHING BELOW HERE !!!!! ------------------------------------

$CONFIG['conn']  = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

function anti_injection($sql) {
   $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
   $sql = trim($sql);
   $sql = strip_tags($sql);
   $sql = addslashes($sql);
   return $sql;
}
//----------------------------------------------------------------------------------------------------------

if(isset($_GET['action']) && ($_GET['action'] == "login")){

    $user = anti_injection($_POST['user']);
    $pass = anti_injection($_POST['pass']);
    $crypt_pass = md5($pass);
        
    $result1 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'"); 
    $count1 = mssql_num_rows($result1); 

    $result2 = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'"); 
    $row2 = mssql_fetch_row($result2); 

    if($count1 == '0') {
        echo '<br>This game account is not found in the database.';
    }
    elseif($row2[0] != $crypt_pass) {
        echo '<br>Wrong password. Try again.';
    }
    elseif($_GET['login'] != 'login' && $count1 == '0') {
        echo '<br>Login Error, Please login again.';
    } else {
    
    // Begin secure content 
        $_SESSION['user'] = $user;
        echo "<h3>Welcome, ".$_SESSION['user']."</h3>";
        echo "<br>";
        echo "Your content here";
    // Dont forget to and your session
    // session_destroy();
    // End secure content
    }
} else {
  */
echo '<fieldset><legend>Login By <a href="http://www.elitepvpers.com/forum/dekaron-private-server/452255-release-simple-login-script-anti-sql-inject.html">Janvier123</a></legend></br>
    <form name="" action="'.$_SERVER['php_self'].'?action=login" method="post"> 
        <input class="big" type="text" name="user" maxlength="16" placeholder="Username"><br /> 
        <input class="big" type="password" name="pass" maxlength="16" placeholder="Password"> <br />
        <input class="button" type="submit" value="Login!"> 
    </form></fieldset>';
//}
?>