(Facker,Shuntaya/Simon geht mir mal wieder auf den sack =) )
Screen: 

PHP Code:
<h3>Register</h3>
<center>
<?php
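/*
 * Request filter: strips the characters ; ' % " from every $_GET, $_POST and
 * $_COOKIE value after HTML-encoding it, and appends a log entry whenever a
 * value was changed.
 *
 * NOTE(review): this is a character blacklist, not a defence against SQL
 * injection. It must not replace escaping or parameter binding at the point
 * where a query is built. $_REQUEST is not touched here and keeps the raw
 * values.
 *
 * NOTE(review): HTML-encoding runs before the strip, so the ';' that closes an
 * entity is removed again ('<' ends up as '&lt'). That order is kept so that
 * already stored data keeps its format.
 *
 * NOTE(review): the log file is opened relative to the working directory under
 * a guessable name. If that directory is served by the web server, the log
 * (client IPs and raw request values) is downloadable; move it outside the
 * document root or deny access to it.
 */
if (!function_exists('sqlfilter_clean_value')) {
    /**
     * HTML-encode a request value and remove the blacklisted characters.
     *
     * Arrays (e.g. "name[]=x") are cleaned element by element; the original
     * listing handed them straight to htmlspecialchars().
     *
     * @param mixed $value   raw request value (string or nested array)
     * @param array $search  characters to remove
     * @param array $replace replacement for each entry of $search
     * @return mixed cleaned value of the same shape
     */
    function sqlfilter_clean_value($value, $search, $replace)
    {
        if (is_array($value)) {
            $out = array();
            foreach ($value as $k => $v) {
                $out[$k] = sqlfilter_clean_value($v, $search, $replace);
            }
            return $out;
        }
        // ENT_COMPAT is pinned: it was the default when this was written. Newer
        // PHP versions default to ENT_QUOTES, which would turn ' into &#039
        // (after the ';' strip) instead of removing it.
        return str_replace($search, $replace, htmlspecialchars((string) $value, ENT_COMPAT));
    }
}

if (!function_exists('sqlfilter_log_value')) {
    /**
     * Make a value safe to write on a single log line.
     *
     * Control characters and backslashes are escaped so that a CR/LF inside a
     * request value cannot start a forged "IP:" / "Method:" entry.
     *
     * @param mixed $value value to log
     * @return string single-line representation
     */
    function sqlfilter_log_value($value)
    {
        if (!is_string($value)) {
            $value = print_r($value, true);
        }
        return addcslashes($value, "\0..\37\\\177");
    }
}

// Quoted key: the bare PATH_TRANSLATED was an undefined constant.
$script = isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : '';
// $ip and $time were never assigned in the listing; fill them in unless an
// including script has already set them.
if (!isset($ip)) {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
}
if (!isset($time)) {
    $time = gmdate('Y-m-d H:i:s') . ' UTC';
}
$fp = fopen("[WEB]SQL_Injection.txt", "a+");
$sql_inject_1 = array(";", "'", "%", '"'); // characters to remove
$sql_inject_2 = array("", "", "", "");     // replacements (the fourth entry was a syntax error: """)

$sqlfilter_sources = array('GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
foreach ($sqlfilter_sources as $sqlfilter_method => $sqlfilter_values) {
    foreach ($sqlfilter_values as $sqlfilter_name => $sqlfilter_raw) {
        $sqlfilter_safe = sqlfilter_clean_value($sqlfilter_raw, $sql_inject_1, $sql_inject_2);
        $sqlfilter_sources[$sqlfilter_method][$sqlfilter_name] = $sqlfilter_safe;
        // Log only when the filter changed something and the log could be opened.
        if ($sqlfilter_safe !== $sqlfilter_raw && is_resource($fp)) {
            // One write per entry keeps concurrent requests from interleaving lines.
            fwrite(
                $fp,
                "IP: " . sqlfilter_log_value($ip) . "\r\n"
                . "Method: " . $sqlfilter_method . "\r\n"
                . "Value: " . sqlfilter_log_value($sqlfilter_raw) . "\r\n"
                . "Script: " . sqlfilter_log_value($script) . "\r\n"
                . "Time: " . sqlfilter_log_value($time) . "\r\n"
                . "==================================\r\n"
            );
        }
    }
}
$_GET = $sqlfilter_sources['GET'];
$_POST = $sqlfilter_sources['POST'];
$_COOKIE = $sqlfilter_sources['COOKIE'];

if (is_resource($fp)) {
    fclose($fp);
}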
?>
<?php
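// Keep PHP diagnostics (paths, query text) out of the page sent to visitors.
ini_set('display_errors', 0);
// NOTE(review): the listing connects as 'sa', the SQL Server administrator
// login. A public registration page should use a dedicated login that may only
// read the account table and execute usp_CreateNewAccount, and the password
// should come from configuration kept outside the web root.
$connection = mssql_connect('PCNAME\SQLEXPRESS', 'sa', 'PW');
// The original tested the bare word `connection` (no $), so a failed connect
// was never detected by this check.
if (!$connection || !mssql_select_db('ACCOUNT_DBF', $connection)) {
    die('Konnte keine verbindung zum MSSQL Server herstellen');
}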
/**
 * Remove NUL, newline, carriage return, backslash, single quote, double quote
 * and 0x1A from a value.
 *
 * The last two list entries (quote sequences) can never match, because the
 * individual quote characters have already been removed by then.
 *
 * @param string|array $key value to clean (str_replace also accepts an array)
 * @return string|array the value without the listed characters
 */
function resafe($key)
{
    $blocked = array("\x00", "\n", "\r", "\\", "'", "\"", "\x1a", "\"'\"", "'\"'");
    $cleaned = str_replace($blocked, "", $key);

    return $cleaned;
}
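/**
 * Run resafe() over every value of the superglobal that matches the request
 * method ($_GET for GET, $_POST for POST).
 *
 * NOTE(review): this looks like a constructor copied out of a class. As a
 * free function it has no $this, so the original callback array(&$this,
 * 'resafe') could not work; the plain function name is used instead. Nothing
 * in the visible script calls this function, so resafe() is not applied to
 * request data unless a caller is added.
 */
function __construct(){
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($method == 'GET') {
        $_GET = array_map('resafe', $_GET);
    }
    if ($method == 'POST') {
        $_POST = array_map('resafe', $_POST);
    }
}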
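/*
 * Registration handler: validates the posted form, checks whether the account
 * name exists and creates the account through usp_CreateNewAccount.
 * The outcome is left in $error as an HTML fragment ('' when nothing was posted).
 */
$error = '';
// Only strings are accepted; "Username[]=x" would otherwise reach the query as "Array".
$checkusername = (isset($_POST['Username']) && is_string($_POST['Username'])) ? $_POST['Username'] : '';
// NOTE(review): the expected code is fixed and printed on the form itself, so
// this check does not stop automated registrations.
$pruef = "9999";

if (isset($_POST['submit'])) {
    $captcha = (isset($_POST['list']) && is_string($_POST['list'])) ? $_POST['list'] : '';
    $pw1 = (isset($_POST['Password']) && is_string($_POST['Password'])) ? $_POST['Password'] : '';
    $pw2 = (isset($_POST['Password2']) && is_string($_POST['Password2'])) ? $_POST['Password2'] : '';
    // NOTE(review): the address is stored as sent; its format is not validated.
    $mail = (isset($_POST['mail']) && is_string($_POST['mail'])) ? $_POST['mail'] : '';

    $accountTaken = false;
    $lookupFailed = false;
    if ($checkusername !== '') {
        // mssql_query() has no placeholders, so the value is escaped for a
        // T-SQL string literal by doubling single quotes. The mssql extension
        // was removed in PHP 7; with sqlsrv or PDO this should become a bound
        // parameter instead.
        $quotedName = str_replace("'", "''", $checkusername);
        $query = mssql_query("SELECT account FROM ACCOUNT_DBF WHERE account = '$quotedName'", $connection);
        if ($query === false) {
            // Fail closed: without a lookup result no account is created.
            $lookupFailed = true;
        } else {
            $result = mssql_fetch_row($query);
            // Any returned row means the name is in use. The original compared
            // the row text with the input in PHP, which would miss a match the
            // database makes case-insensitively (collation not visible here).
            $accountTaken = is_array($result);
        }
    }

    if ($checkusername == "") {
        $error = '<font color="red">Bitte gib deinen Accountnamen an.</font>';
    } else if ($captcha !== $pruef) {
        $error = '<font color="red">Falscher Captcha.</font>';
    } else if ($lookupFailed) {
        $error = '<font color="red">Could not complete the registration. Please try again.</font>';
    } else if ($accountTaken) {
        $error = '<font color="red">Dein Accountsname ist bereits vergeben.</font>';
    } else if ($pw1 == "") {
        $error = '<font color="red">Bitte ein Passwort eingeben.</font>';
    } else if ($pw2 == "") {
        $error = '<font color="red">Du hast kein Passwort angegeben.</font>';
    } else if ($pw1 !== $pw2) {
        // The repeat field was collected but never compared in the original.
        $error = '<font color="red">Die Passwörter stimmen nicht überein.</font>';
    } else {
        // NOTE(review): MD5 with one fixed prefix for all accounts is a fast,
        // effectively unsalted hash. It is kept because whatever verifies
        // logins against this table presumably expects this format; move both
        // sides to password_hash()/password_verify() together.
        $password = md5('kikugalanet' . $pw1);
        $passwordParam = resafe($password);
        $stmt = mssql_init('usp_CreateNewAccount', $connection);
        if ($stmt === false) {
            die("Could not complete the registration. Please try again.");
        }
        // mssql_bind() takes the value by reference, so real variables are
        // passed rather than a function result or a possibly missing array key.
        mssql_bind($stmt, '@account', $checkusername, SQLVARCHAR, false, false, 15);
        mssql_bind($stmt, '@pw', $passwordParam, SQLVARCHAR, false, false, 36);
        mssql_bind($stmt, '@email', $mail, SQLVARCHAR, false, false, 120);
        mssql_execute($stmt) or die ("Could not complete the registration. Please try again.");
        mssql_free_statement($stmt);
        $error = '<font color="#7CFC00"><b>Dein Account wurde erstellt</b></font>';
    }
}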
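// Render the registration form followed by the status message.
echo '<form action="register.php" method="post">';
echo '<font color="#000"><b>Login:</b><input type="text" name="Username" /><br /><br />';
echo '<b>PW:</b><input type="password" name="Password" /><br /><br />';
echo '<b>PW wiederhl.:</b><input type="password" name="Password2" /><br /><br />';
echo '<b>E-mail:</b><input type="text" name="mail" /><br><br />';
echo '<b>Code lautet 9999: </b>';
echo '<Select name="list">';
echo '<option selected value="eingabe=0000">0000';
echo '<option value="3123">3123';
echo '<option value="8231">8231';
echo '<option value="9999">9999';
echo '<option value="7233">7233';
echo '<option value="4965">4965';
echo '</select> <br><br>';
echo ' ';
//echo '<input type="submit" name="submit" value="Registrieren" onClick="top.location.href=this.form.list.options[this.form.list.selectedindex].value">';
// The value attribute is now quoted; the rendered button is unchanged.
echo '<input type="submit" name="submit" value="Registrieren" />';
echo '</form>';
// $error is only set once the form has been submitted. It is printed without
// escaping, which is safe only while it is built from fixed strings; escape
// any request data before adding it to this message.
echo isset($error) ? $error : '';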
?>
</center>
</div>
<br>
<br>
Ich würde mich über ein paar Thanks freuen!






