Rappelz Private Server Registration Script

 
Old   #31
 
elite*gold: 0
Join Date: Dec 2010
Posts: 664
Received Thanks: 189
Security-flawed script. You should provide two alternative scripts for the most recent sqlsrv_() anyways.



RoflcopterGoesSoiSoiSoi is offline  
Old   #32
 
elite*gold: 0
Join Date: Nov 2008
Posts: 462
Received Thanks: 85
password length should be at least 8 characters minimum when using md5


schmuselord1 is offline  
Old   #33
 
elite*gold: 0
Join Date: May 2009
Posts: 122
Received Thanks: 91
Strean, stop babbling.. I've been dealing with SQL injection a bit longer than you.. with this script I can get at other players' data within a few seconds.. in case you didn't get it, you did in fact create a query there.. namely the one where you compare the username.. with that slightly modified, I can pull out all passwords with their associated usernames using a tool built in just under 3 minutes.. how long it takes then logically depends on the DB volume...
andysky is offline  
Thanks
1 User
Old   #34
 
elite*gold: 0
Join Date: Jun 2010
Posts: 52
Received Thanks: 5
code corrupted


medmedmed is offline  
Old   #35
 
elite*gold: 0
Join Date: Jul 2011
Posts: 3
Received Thanks: 0
So Strean, by the way, what I was talking about is that through your code it is very easy to get at the username of another account (there is a query checking whether the username already exists..) and then simply change its password

(Where $username = XX
Set 4pass = new pw) blah blah.. I actually hate SQL injection, but I love the tools for testing^^
[LW]Saik is offline  
Old   #36
 
elite*gold: 0
Join Date: Jun 2011
Posts: 669
Received Thanks: 309
Nope, alternatively you can add two lines to the script which protects the script from SQL injections.
s0ul37 is offline  
Thanks
1 User
Old   #37
 
elite*gold: 0
Join Date: Dec 2010
Posts: 664
Received Thanks: 189
You can also add it in one line, and you can also add it in a dozen lines. You don't have a "magic feature that nobody else knows about."
RoflcopterGoesSoiSoiSoi is offline  
Old   #38
 
elite*gold: 0
Join Date: Jun 2011
Posts: 669
Received Thanks: 309
What I meant was that it's easy to protect the script.
s0ul37 is offline  
Old   #39
 
elite*gold: 0
Join Date: Nov 2010
Posts: 80
Received Thanks: 1
How do I fill in the script, please? I did not understand.
said200 is offline  
Old   #40
 
elite*gold: 0
Join Date: Nov 2010
Posts: 118
Received Thanks: 22
in mysql i usually use this to prevent sql injections

Code:
...

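// Escape the raw input before it is placed inside the quoted SQL string.
// mysql_real_escape_string() needs the open ext/mysql connection from the
// elided part above.
$userinput = $_POST['UserInput'];
$username = mysql_real_escape_string($userinput);

$passinput = md5($_POST['PassInput']);
$password = mysql_real_escape_string($passinput);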

...

$sql = "SELECT fields FROM table WHERE user='{$username}' AND pass='{$password}' ";
$result = mysql_query($sql);

...
Anime Creature is offline  
Old   #42
 
elite*gold: 0
Join Date: May 2009
Posts: 81
Received Thanks: 28
Hello, I got it working; it runs and I have tested it too, the account is entered with its password.

I opened the ports and started a service, then it worked.

TCP 10620
UDP 10620
UDP 1434

Start - Control Panel - Administrative Tools - Services
Is the service running: SQL Server

There I edited the services so that they start automatically, and then started the service.

I hope I could help.
rattexxl is offline  
Old   #43
 
elite*gold: 0
Join Date: Jul 2011
Posts: 3
Received Thanks: 0
? on how to

Ok, so we recently set up a zeta boards forum and we are trying to link it to msql. If anyone has any ideas on how to do so, please write back; it would help out a lot. Thanks
Tattatsaver is offline  
Old   #44
 
elite*gold: 0
Join Date: May 2011
Posts: 13
Received Thanks: 1
the video narration
TRmuratTR is offline  
Old   #45
 
elite*gold: 0
Join Date: Mar 2009
Posts: 150
Received Thanks: 27
What is wrong here?

Code:
<?php 

    $host = "(local)\\SQLExpress"; // your sql instance 
    $user = "sa"; // username 
    $pw = ""; // password 
    $db = "Auth"; // db 
    $md5_key = "2011"; // your md5 key 
     
    $connect = mssql_connect($host,$user,$pw) 
    or die("Can't connect to the datebase."); 
     
    mssql_select_db($db,$connect) 
    or die("Can't select the datebase"); 

?> 

<html> 
  <head> 
    <title>Register</title> 
    <center> 
    <h3 style="color:red">Rappelz : Register Page ( Pls insert more then 4 chars ! )</h3>  
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> 
      Username : <input type="text" size="20" name="username" /><br /> 
      Password : <input type="password" size="20" name="password" /><br /><br /> 
      <input type="submit" value="Register now !" name="senden" /> 
    </form> 
    <?php 
     
      $usr = $_POST['username']; 
      $pass = $_POST['password']; 
      $endPw = $md5_key . $pass; 
      $md5 = md5($endPw); 
       
      $results = mssql_query("SELECT * FROM dbo.Accounts WHERE '$usr' LIKE login_name"); 
      $res = mssql_num_rows($results); 
       
      if(strlen($usr) > 4 && strlen($pass) > 4) 
      { 
          if($res > 0) 
          { 
              echo "Account Exists !"; 
          } 
          else 
          { 
              mssql_query("INSERT INTO dbo.Accounts(login_name,password,block,withdraw_remain_time,age,auth_ok,pcbang,last_login_server_idx,event_code,result) VALUES('$usr','$md5',0,0,18,1,1,1,0,1)"); 
              echo "Registration Success !"; 
          } 
      } 
      else 
      { 
          echo "Username or Password to small..."; 
      } 
     
    ?> 
    </center> 
  </head> 
</html>


Fatal error: Call to undefined function mssql_connect() in /homepages/40/d375566371/htdocs/regi.php on line 9


Makenci is offline  
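
Added example, not part of the thread and not the script author's code: the username check and insert from the script in #45, and the escaping approach from #40, rewritten with bound parameters through PDO instead of the mssql_* functions (which were removed in PHP 7). The in-memory SQLite database, the reduced two-column table, and the helper names `account_exists` and `register_account` are assumptions made so the example runs offline.

```php
<?php
// In-memory SQLite stands in for the MSSQL "Auth" database (assumption, so the
// example runs offline). With the PDO_SQLSRV driver only the DSN changes, e.g.
// 'sqlsrv:Server=(local)\SQLExpress;Database=Auth'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Reduced to the two columns the example needs.
$pdo->exec('CREATE TABLE Accounts (login_name TEXT PRIMARY KEY, password TEXT NOT NULL)');

const MD5_KEY = '2011'; // prefix taken from the posted script

// Hypothetical helper: the bound parameter is compared as a literal value,
// so quotes in $usr never become part of the SQL text.
function account_exists(PDO $pdo, string $usr): bool
{
    $q = $pdo->prepare('SELECT 1 FROM Accounts WHERE login_name = ?');
    $q->execute([$usr]);
    return $q->fetchColumn() !== false;
}

// Hypothetical helper: returns a status string instead of echoing it.
function register_account(PDO $pdo, string $usr, string $pass): string
{
    // Allow-list before touching the database: letters, digits, underscore,
    // more than 4 characters as the posted form asks for.
    if (!preg_match('/^[A-Za-z0-9_]{5,20}$/', $usr) || strlen($pass) < 5) {
        return 'invalid';
    }
    if (account_exists($pdo, $usr)) {
        return 'exists';
    }
    // Hash format kept as the posted script has it; where the application
    // reading this table permits, password_hash() is the stronger choice.
    $insert = $pdo->prepare('INSERT INTO Accounts (login_name, password) VALUES (?, ?)');
    $insert->execute([$usr, md5(MD5_KEY . $pass)]);
    return 'created';
}

// Constructed sample inputs: a new name, a duplicate, and a quote-laden name.
var_dump(register_account($pdo, 'player_one', 'secret123'));
var_dump(register_account($pdo, 'player_one', 'other-pass'));
var_dump(register_account($pdo, "x' OR '1'='1", 'secret123'));
var_dump(account_exists($pdo, "x' OR '1'='1"));
```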