Ich habe ein Problem: Wenn ich einen Account erstellen will, kommt nach der Eingabe meiner Daten das hier:
Warning: mssql_query() [function.mssql-query]: message: Ungültiger Spaltenname 'ip'. (severity 16) in C:\xampp\htdocs\flyff\index.php on line 154
Register.php
<?php
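/*
 * Request scrubber and tamper log.
 *
 * Every value in $_GET, $_POST and $_COOKIE is passed through
 * htmlspecialchars() and then has the characters ; ' % " removed. When a
 * value changes, an entry is appended to "[WEB]SQL_Injection.txt".
 *
 * Limits a maintainer should know about:
 *  - A character blocklist is defence in depth only. Each query still has to
 *    escape or bind its own values, because data can reach a query without
 *    passing through this filter.
 *  - HTML-encoding on input is kept only because code after this block may
 *    rely on it; encoding belongs at output time.
 *  - NOTE(review): the log path is relative, so the file is presumably created
 *    next to the script inside the web directory, where it could be fetched
 *    over HTTP. Move it outside the document root or deny access to it.
 *
 * Syntax is kept compatible with the old PHP 5 runtime that the mssql_*
 * calls elsewhere in this file require.
 */
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$time = date("l dS of F Y h:i:s A");
// The key was an unquoted constant before; it is also not set by every SAPI.
$script = isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : '';

$sql_inject_1 = array(";", "'", "%", '"'); // characters to strip
// NOTE(review): the posted listing shows the fourth replacement as an
// unparseable """; it is treated as the empty string here - confirm against
// the original file.
$sql_inject_2 = array("", "", "", "");

if (!function_exists('flyff_scrub_value')) {
    /**
     * HTML-encode a request value and strip the blocked characters.
     * Arrays (e.g. ?a[]=x) are scrubbed element by element instead of being
     * handed to htmlspecialchars(), which only accepts strings.
     */
    function flyff_scrub_value($value, $search, $replace)
    {
        if (is_array($value)) {
            foreach ($value as $k => $v) {
                $value[$k] = flyff_scrub_value($v, $search, $replace);
            }
            return $value;
        }
        return str_replace($search, $replace, htmlspecialchars((string) $value));
    }

    /**
     * Make a value safe to write as one log field: control characters
     * (including CR/LF) become spaces so a request cannot forge extra log
     * entries, and the field is capped at 256 bytes.
     */
    function flyff_log_field($text)
    {
        return substr(preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $text), 0, 256);
    }

    /**
     * Scrub one request array in place and log every value that was changed.
     * $log carries the open log handle ('fp', false when unavailable) plus
     * the 'ip', 'script' and 'time' fields written with each entry.
     */
    function flyff_scrub_request(&$input, $method, $search, $replace, $log)
    {
        foreach (array_keys($input) as $key) {
            $raw = $input[$key];
            $input[$key] = flyff_scrub_value($raw, $search, $replace);

            if ($input[$key] === $raw || !$log['fp']) {
                continue;
            }

            // Never copy password fields into a plain-text log.
            if (stripos((string) $key, 'pass') !== false) {
                $shown = '[redacted]';
            } else {
                $shown = flyff_log_field(is_array($raw) ? print_r($raw, true) : $raw);
            }

            fwrite($log['fp'], "IP: " . flyff_log_field($log['ip']) . "\r\n");
            fwrite($log['fp'], "Method: " . $method . "\r\n");
            fwrite($log['fp'], "Value: " . $shown . "\r\n");
            fwrite($log['fp'], "Script: " . flyff_log_field($log['script']) . "\r\n");
            fwrite($log['fp'], "Time: " . $log['time'] . "\r\n");
            fwrite($log['fp'], "==================================\r\n");
        }
    }
}

// A failed open must not break the page; scrubbing still runs without logging.
$fp = fopen("[WEB]SQL_Injection.txt", "a+");
$scrub_log = array('fp' => $fp, 'ip' => $ip, 'script' => $script, 'time' => $time);

flyff_scrub_request($_GET, 'GET', $sql_inject_1, $sql_inject_2, $scrub_log);
flyff_scrub_request($_POST, 'POST', $sql_inject_1, $sql_inject_2, $scrub_log);
flyff_scrub_request($_COOKIE, 'COOKIE', $sql_inject_1, $sql_inject_2, $scrub_log);

if ($fp) {
    fclose($fp);
}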
?>
<?php include "include/top.php";?>
<h3 class="title"></h3>
<div id="text">
<?php
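/**
 * Count the rows in ACCOUNT_TBL whose account column equals $account.
 *
 * Runs on the most recently opened mssql connection and terminates the
 * request with "MSSQL Error" when the query fails.
 *
 * @param string $account account name to look up
 * @return int number of matching rows
 */
function exist($account){
    // The legacy mssql_* API offers no placeholders for ad-hoc statements, so
    // the value is embedded as a T-SQL string literal with every single quote
    // doubled. This function must not depend on a request-wide filter having
    // already removed quotes from its argument.
    $literal = str_replace("'", "''", (string) $account);
    $sql = "SELECT * FROM ACCOUNT_TBL WHERE account='" . $literal . "'";

    $result = mssql_query($sql);
    if (!$result) {
        die("MSSQL Error");
    }

    $check = mssql_num_rows($result);
    mssql_free_result($result);
    return $check;
}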
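/**
 * Count the rows in ACCOUNT_TBL_DETAIL whose ip column equals $ip.
 *
 * Runs on the most recently opened mssql connection and terminates the
 * request with "MSSQL Error" when the query fails.
 *
 * NOTE(review): the query needs a column named "ip" on ACCOUNT_TBL_DETAIL.
 * SQL Server rejects the statement with an "invalid column name" message when
 * the table has no such column - verify the schema before relying on this
 * check.
 *
 * @param string $ip address to look up
 * @return int number of matching rows
 */
function existip($ip){
    // No placeholders exist for ad-hoc statements in the legacy mssql_* API;
    // embed the value as a T-SQL string literal with single quotes doubled.
    $literal = str_replace("'", "''", (string) $ip);
    $sql = "SELECT * FROM ACCOUNT_TBL_DETAIL WHERE ip='" . $literal . "'";

    $result = mssql_query($sql);
    if (!$result) {
        die("MSSQL Error");
    }

    $check = mssql_num_rows($result);
    mssql_free_result($result);
    return $check;
}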
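// Registration handler: validates the submitted form, checks that the account
// name is free and the per-address limit is not reached, then creates the
// account through the webCreateAcc stored procedure.
if(isset($_POST['submit']))
{
    // NOTE(review): the connection uses the "sa" login with its password in
    // source. Load the credentials from configuration outside the web root,
    // use a login limited to the rights this page needs, and rotate the
    // password, since it has been published together with this listing.
    $server = 'TUGAY-PC\SQLEXPRESS';
    $user = "sa";
    $pass= "ks15";

    // Missing or non-string fields (e.g. username[]=x) become '' and are then
    // rejected by the length checks instead of raising warnings.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';

    // The address used for the per-address limit is taken from the connection.
    // It was read from the hidden "ip" form field before, which the client
    // controls and can set to any value on every request.
    // NOTE(review): behind a reverse proxy this is the proxy's address.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // ---- input validation ----
    // NOTE(review): up to 16 characters are accepted here, while the form
    // field and the @account bind below both declare 15 - confirm which limit
    // the account column really has.
    if(strlen($username) < 4 || strlen($username) > 16)
    {
        die("Dein Benutzername ist zu kurz/lang .<br>Er muss zwischen <b><u>4 und 16</u></b> Zeichen lang sein .");
    }
    if(strlen($password) < 4 || strlen($password) > 16)
    {
        die("Dein Passwort ist zu kurz/lang .<br>Es muss zwischen <b><u>4 und 16</u></b> Zeichen lang sein .");
    }
    if($password !== $password2)
    {
        // Umlauts are written as HTML entities: the literal characters in
        // these messages were garbled, and entities do not depend on the
        // file's encoding.
        die("Die Passw&ouml;rter stimmen nich &uuml;berein.");
    }
    // Allowlist: letters and digits only. This is also what makes it safe to
    // echo $username in the "already in use" message below.
    if (preg_match('/[^a-zA-Z0-9]/',$username))
    {
        die("Der Benutzername enth&auml;lt unerlaubte Zeichen.");
    }
    if (preg_match('/[^a-zA-Z0-9]/',$password))
    {
        die("Das Passwort enth&auml;lt unerlaubte Zeichen.");
    }

    // ---- database connection ----
    $conn = mssql_connect($server,$user,$pass);
    if(!$conn)
    {
        die("Connection failed!<br>");
    }
    $select = mssql_select_db("ACCOUNT_DBF",$conn);
    if(!$select)
    {
        die("Can't select Database!<br>");
    }

    // ---- uniqueness and per-address limit ----
    if((int) exist($username) !== 0)
    {
        die ("Der Benutzername ".$username." wird schon benutzt .");
    }
    if((int) existip($ip) >= 2)
    {
        die("Du hast schon genug Accounts erstellt.");
    }

    // ---- account creation ----
    // NOTE(review): MD5 with one fixed, application-wide prefix is fast to
    // brute-force and gives equal passwords equal hashes. The format is
    // presumably dictated by whatever verifies logins against this table;
    // if that side can be changed, move to password_hash()/password_verify().
    $password = md5('kikugalanet' . $password);

    // NOTE(review): $ipadress is never bound to the procedure below, so this
    // page itself does not record the address that existip() counts.
    $ipadress = $ip;

    $stmt = mssql_init('webCreateAcc', $conn);
    mssql_bind($stmt, '@account', $username, SQLVARCHAR, false, false, 15);
    mssql_bind($stmt, '@password', $password, SQLVARCHAR, false, false, 36);
    // NOTE(review): @birthday and @email are both filled with the user name.
    mssql_bind($stmt, '@birthday', $username, SQLVARCHAR, false, false, 120);
    mssql_bind($stmt, '@email', $username, SQLVARCHAR, false, false, 120);

    $execute = mssql_execute($stmt);
    mssql_free_statement($stmt);
    if(!$execute)
    {
        // Failure ends the request with the same message as before; the
        // connection is now released first. The former else branch could
        // never run because of this exit and has been dropped.
        mssql_close($conn);
        die ("Could not complete the registration. Please try again.");
    }
    echo 'Account wurde <font color="green">erfolgreich</font> erstellt !';
    mssql_close($conn);
}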
else
{
?>
<center>
<form action="panel.php?site=register" method="post">
<table>
<tr>
<td colspan="2" align ="center">
<h3>Account erstellen</h3>
</td>
</tr>
<tr>
<td align ="right">
Account :
</td>
<td>
<input type="text" size="20" name="username" maxlength="15" />
</td>
<td> </td>
</tr>
<tr>
<td align ="right">
Passwort :
</td>
<td>
<input type="password" size="20" name="password" maxlength="32" />
</td>
</tr>
<tr>
<td align ="right">
Passwort widerh. :
</td>
<td>
<input type="password" size="20" name="password2" maxlength="32" />
</td>
</tr>
<tr>
<td>
<input type="hidden" size="20" name="ip" maxlength="32" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>"/>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="Account erstellen" />
</td>
</tr>
</table>
</form>
PS: Es hat sich geklärt, obwohl eine Antwort toll wäre!






