Ich musste meinen MSQl Server neu machen aber nun geht die rei seite nicht mehr die daten habe ich alle wieder eingetragen ich bin verzweifelt ich habe nun 7 STK ausprobiert und sie gehen alle nicht
Wiest ihr den fehler den ich mache ich lase ihn nur über Apache laufen sie hatte mal funktioniert ka warum
HTML Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="robots" content="INDEX,FOLLOW"> <meta name="keywords" content="FightForShinobi"> <meta name="description" content="FightForShinobi" > <title>FightForShinobi</title> <link rel="stylesheet" href="format.css" type="text/css"> </head> <body > <div align="center"> <table align="center" id="main" cellspacing="0" cellpadding="0" border="0" > <tr> <td align="center" > <table align="center" id="main_top" cellspacing="0" cellpadding="0" border="0" > <tr> <td> <table align="center" cellspacing="0" cellpadding="0" border="0" > <tr> <td id="top"> <!-- menü GANZ oben--> <!-- ende menü GANZ oben--></td> </tr> <td align="right" id="top1" > </td> <br> <br> <br> <br> <br> <br> <br> <td align="center" id="top2" > <table width="899" align="center" id="menuhorizontal" border="0" cellpadding="0" cellspacing="0" > <tr> <td width="10%"><a href="http://fightforshinobi.co.de/index.php" >News</a></td> <td width="10%"><a href="http://5.135.101.171/register.php" >Register</a></td> <td width="10%"><a href="http://5.135.101.171/ranking.php" >Ranking</a></td> <td width="10%"><a href="http://fightforshinobi.co.de/team.php" >Team</a></td> </tr> </table> </td> </tr> <br> <!-- ende boxen inhalt--></td> <td valign="top" id="inbox"> <br> <h1>Register</h1> <center> <h 1>bitte alles klein schreiben</h1><br><br> </center> <?php $ip = $_SERVER['REMOTE_ADDR']; $time = date; $script = $_SERVER[PATH_TRANSLATED]; $fp = fopen ("[WEB]SQL_Injection.txt", "a+"); $sql_inject_1 = array(";","'","%",'"'); #Whoth need replace $sql_inject_2 = array("", "","","""); #To wont replace $GET_KEY = array_keys($_GET); #array keys from $_GET $POST_KEY = array_keys($_POST); #array keys from $_POST $COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE /*begin clear $_GET */ for($i=0;$i<count($GET_KEY);$i++) { $real_get[$i] = $_GET[$GET_KEY[$i]]; $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]])); if($real_get[$i] != $_GET[$GET_KEY[$i]]) { fwrite ($fp, "IP: $ip\r\n"); fwrite ($fp, "Method: GET\r\n"); fwrite ($fp, "Value: $real_get[$i]\r\n"); fwrite ($fp, "Script: $script\r\n"); fwrite ($fp, "Time: $time\r\n"); fwrite ($fp, "==================================\r\n"); } } /*end clear $_GET */ /*begin clear $_POST */ for($i=0;$i<count($POST_KEY);$i++) { $real_post[$i] = $_POST[$POST_KEY[$i]]; $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]])); if($real_post[$i] != $_POST[$POST_KEY[$i]]) { fwrite ($fp, "IP: $ip\r\n"); fwrite ($fp, "Method: POST\r\n"); fwrite ($fp, "Value: $real_post[$i]\r\n"); fwrite ($fp, "Script: $script\r\n"); fwrite ($fp, "Time: $time\r\n"); fwrite ($fp, "==================================\r\n"); } } /*end clear $_POST */ /*begin clear $_COOKIE */ for($i=0;$i<count($COOKIE_KEY);$i++) { $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]]; $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]])); if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]]) { fwrite ($fp, "IP: $ip\r\n"); fwrite ($fp, "Method: COOKIE\r\n"); fwrite ($fp, "Value: $real_cookie[$i]\r\n"); fwrite ($fp, "Script: $script\r\n"); fwrite ($fp, "Time: $time\r\n"); fwrite ($fp, "==================================\r\n"); } } /*end clear $_COOKIE */ fclose ($fp); ?> <?php ini_set('display_errors', 0); $connection = mssql_connect('MATTHIAS-PC\SQLEXPRESS', 'sa', 'msql ps '); if(!connection || !mssql_select_db('ACCOUNT_DBF', $connection)) { die('Konnte keine verbindung zum MSSQL Server herstellen'); } function resafe($key){ $s = array("\x00", "\n", "\r", "\\", "'", "\"", "\x1a", "\"'\"", "'\"'"); return str_replace($s, "", $key); } function __construct(){ if($_SERVER['REQUEST_METHOD'] == 'GET'){ $_GET = array_map(array(&$this, 'resafe'), $_GET); } if($_SERVER['REQUEST_METHOD'] == 'POST'){ $_POST = array_map(array(&$this, 'resafe'), $_POST); } } $checkusername = $_POST['Username']; $query = mssql_query("SELECT account FROM ACCOUNT_DBF WHERE account = '$checkusername'"); $result = mssql_fetch_row($query); if(isset($_POST['submit'])){ if($_POST['Username'] == ""){ $error = '<font color="red">Bitte gib deinen Accountnamen an.</font>'; } else if($result[0] == $checkusername){ $error = '<font color="red">Dein Accountsname ist bereits vergeben.</font>'; } else if($_POST['Password'] == ""){ $error = '<font color="red">Bitte ein Passwort eingeben.</font>'; } else if($_POST['Password2'] == ""){ $error = '<font color="red">Du hast kein Passwort angegeben.</font>'; } else{ $password = md5('kikugalanet' . $_POST['Password']); $stmt = mssql_init('usp_CreateNewAccount', $connection); mssql_bind($stmt, '@account', $checkusername, SQLVARCHAR, false, false, 15); mssql_bind($stmt, '@pw', resafe($password), SQLVARCHAR, false, false, 36); mssql_bind($stmt, '@email', $_POST['mail'], SQLVARCHAR, false, false, 120); mssql_execute($stmt) or die ("Registration fehlgeschlagen bitte versuche es noch einmal."); mssql_free_statement($stmt); $error = 'Dein Account wurde erstellt</font>'; } } echo '<form action="register.php" method="post">'; echo '<font color="#7CFC00"><h1>Login ID:</h1> <input type="text" name="Username" /><br /><br />'; echo '<h1>Passwort:</h1> <input type="password" name="Password" /><br /><br />'; echo '<h1>Passwort wiederholen:</h1> <input type="password" name="Password2" /><br /><br />'; echo '<h1>E-mail Adresse eintragen:</h1> <input type="text" name="mail" /><br><br />'; echo '<input type="submit" name="submit" value= Re gistration &nbs p; />'; echo '</form>'; echo $error; ?> </tr> </table> </td> </tr> </table> </td> </tr> </table></div> </body> </html>
HTML Code:
<?php $ip='deine Instazn'; //Server instanz $usr='Benutzername'; //Benutzername $pwd='pw'; //Passwort $salt='kikugalanet'; //Salt ?> <center> <?php $link = @mssql_connect($ip, $usr, $pwd) or die ("Server is down!"); $db = @mssql_select_db('ACCOUNT_DBF') or die ("Accout table is missing!"); $b = ''; $mail = ''; function doesUsernameExist($name){ $exit = FALSE; $result = @mssql_query("SELECT * FROM ACCOUNT_TBL WHERE account='$name'"); if (mssql_num_rows($result) != 0){ $exit = TRUE; } return $exit; } if(isset($_POST['submit'])){ $user = preg_replace ("[^A-Za-z0-9]", "", $_POST['regusername']); $pass = preg_replace ("[^A-Za-z0-9]", "", $_POST['regpassword']); $mail = preg_replace ("[^A-Za-z0-9@.]", "", $_POST['email']); $user = str_replace($idk, '', $user); $pass = str_replace($idk, '', $pass); if($_POST['regusername'] == ""){ echo '<font color="red">Enter a user.</font><br /><br />'; } else if($_POST['regpassword'] == ""){ echo '<font color="red">Enter a password.</font><br /><br />'; } else if($_POST['regpassword'] != $_POST['regpassword2']){ echo '<font color="red">Passwords do not match.</font><br /><br />'; } else if ((strlen($_POST['regusername']) > 16) || (strlen($_POST['regusername']) < 3)){ echo '<font color="red">The user should be 3 to 16 characters.</font><br /><br />'; } else if ((strlen($_POST['regpassword']) > 16) || (strlen($_POST['regpassword']) < 3)){ echo '<font color="red">The password should be 3 to 16 characters.</font><br /><br />'; } else if($_POST['regusername'] != $user){ echo '<font color="red">User with invalid characters.</font><br /><br />'; } else if($_POST['regpassword'] != $pass){ echo '<font color="red">Password with invalid characters.</font><br /><br />'; } else { $pass = md5('kikugalanet' . $pass); if(!doesUsernameExist($user)){ $stmt = mssql_init('usp_CreateNewAccount', $link); mssql_bind($stmt, '@account', $user, SQLVARCHAR, false, false, 15); mssql_bind($stmt, '@password', $pass, SQLVARCHAR, false, false, 36); mssql_bind($stmt, '@email', $mail, SQLVARCHAR, false, false, 120); mssql_execute($stmt) or die ("Something is wrong on the execution"); mssql_free_statement($stmt); echo '<font color="Green">Register Successfull.</font><br /><br />'; } else { echo '<font color="red">User already Exists.</font><br /><br />'; } } mssql_close(); } echo '<form action="register.php" method="post"><table border=0>'; echo '<tr><td>Username:</td><td><input type="text" size="15" name="regusername" /></td></tr>'; echo '<tr><td>Password:</td><td><input type="password" size="15" name="regpassword" /></td></tr>'; echo '<tr><td>Repeat Password:</td><td><input type="password" size="15" name="regpassword2" /></td></tr>'; echo '<tr><td>Email:</td><td><input type="text" size="15" name="email" /></td></tr></table>'; echo '<br /><input type="submit" name="submit" value="Register" />'; echo '</form>'; ?>