- This script will only function with the following requirements met:
  - PHP 5.3+
  - SQLSRV API, e.g. PHP Driver 3.0+
  - Properly configured IIS 7.5+
  - Basic knowledge of HTML/PHP
- I will not be answering any questions and anything posted herein will be provided on an as-is basis with the knowledge that you may have to make adaptations to the script to suit your specific needs.
- I will not be held responsible for any failure to commit security precautions on your part.
- This script is not and will never be perfect, remember to keep up with current trend articles on PHP and website safety in general.
- Don't bicker about thinking your methods are better or whatever, I don't care, use it or don't.
You have been warned!
Ok to the nitty, first we need to create the most basic of things, a configuration file. I will be providing a sample configuration file that you fill out.
Ok first download a good text editor, I don't care how good you think wordpad is, the two I'd personally recommend are InType/Notepad++ but you may find others. Once you have this done, open a new page and copy and paste the contents of the below code box to it.
Code:
<?php
//Login Database [login_db]
$login_db_ip = "";
$login_db_user = "";
$login_db_pass = "";
$login_db_name = "";
$sql_error_login = "There has been a connection error! Please check the database_config.php";
$login_connectInfo = array(
    "Database" => "$login_db_name",
    "UID" => "$login_db_user",
    "PWD" => "$login_db_pass");
$connect_login = sqlsrv_connect($login_db_ip, $login_connectInfo) or die($sql_error_login);
?>
Now create a folder in your web root called Register, Signup or whatever you like; it doesn't matter as long as you aren't dumb and forget it.
Now we need to create a form to accept user input, we will do this by opening a new tab in your text editor and pasting the following code into it:
What are we doing: defining a form in HTML that, when the 'submit' button is clicked, sends the browser to signup_proc.php and posts the values the user has entered.
Code:
<?php
//Echo the form from PHP; raw HTML placed directly inside the PHP tags is a parse error
echo <<<HTML
<html>
<form action="signup_proc.php" method="post">
Username: <input type="text" name="register_username">
Password: <input type="password" name="register_password">
<input type="submit" name="register_submit" value="Create Account">
</form>
</html>
HTML;
?>
We encapsulated the HTML in PHP so that we could easily save it as a .php file; name it signup.php. With this file saved, open a final new file in your text editor and copy the following code into it. During this step we will actually fetch the data the user input, check it against a rule and combine the password into md5.
I will show you how to protect your form from basic SQL injections as well:
Code:
<?php
//First we include config now
include("config.php");
//Here we define the md5 key we will use
$md5_key = "2011"; //I URGE YOU TO CHANGE THIS
//now we define the user data, and strip it of unneeded symbols
$data_array = $_POST;
$array_char = array("'","/","\\","*",":","!","?",".", "&", "%", "ù","^", "$", "=","¨","}","{","(",")","~","#","[","]","ç","à","é","€","§",";","¤","°","£","`","<",">");
$user = $data_array['register_username'];
$user = str_replace($array_char, "", $user);
$password = $data_array['register_password'];
$password = str_replace($array_char, "", $password);
//And now we define the converted password (md5)
$combine_password = $md5_key.$password;
$converted_password = md5($combine_password);
//Here we will define a check to see if the username exists
//($connect_login is the connection created in the configuration file)
$name_check = sqlsrv_query($connect_login, "SELECT login_name FROM dbo.Accounts WHERE login_name = '$user'");
$name_check_ret = sqlsrv_has_rows($name_check);
//Here we will define the insert user query
$insert_user = "INSERT Accounts( login_name,password,block,withdraw_remain_time,age ,auth_ok,pcbang,last_login_server_idx,event_code,result,ip,email) VALUES('$user','$converted_password',0,0,18,1,0,1,0,1,0,0)";
//Here we initiate the check with an IF statement
if($name_check_ret === FALSE){
    //Here we start procedure to copy user info to the account database
    $insert_query = sqlsrv_query($connect_login, $insert_user);
    //Now we check if Query Executed
    if(!$insert_query){//Start Sub IF Statement
        //If Query failed Echo Error to Browser
        echo "The Insert query has failed for some reason!";
        exit;
    }//End Sub IF statement
    else{//Start Sub IF-Else statement
        //If Query succeeded Echo Confirmation to Browser
        echo "Account Creation Successful";
        exit;
    }//End Sub IF-Else statement
}//End original If Statement
if($name_check_ret === TRUE){//Begin second If Statement
    //Here we echo an error to the browser
    echo "This account name already exists!";
}
?>
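The same signup handler written with SQLSRV parameterized queries instead of character stripping, as an added example that is not the original author's code. It assumes config.php defines $connect_login as in the configuration file above; the allow-list pattern and length limits are assumptions, and the MD5 format is kept only to match the Accounts table used on this page (a keyed MD5 is not a strong password hash).

```php
<?php
// Added example, not the original script: signup_proc.php with bound parameters.
include("config.php"); // assumed to define $connect_login as in the config above

$md5_key = "2011"; // same placeholder key as the page; change it

// Validate with an allow-list instead of silently deleting characters.
$user     = isset($_POST['register_username']) ? $_POST['register_username'] : '';
$password = isset($_POST['register_password']) ? $_POST['register_password'] : '';
if (!preg_match('/^[A-Za-z0-9_]{3,30}$/', $user) || strlen($password) < 8) {
    exit("Invalid username or password."); // pattern and limits are assumptions
}

// Hash format kept from the page so it matches what the Accounts table stores.
$converted_password = md5($md5_key . $password);

// The ? placeholders send the values separately from the SQL text,
// so user input is never parsed as part of the statement.
$name_check = sqlsrv_query(
    $connect_login,
    "SELECT login_name FROM dbo.Accounts WHERE login_name = ?",
    array($user)
);
if ($name_check === false) {
    error_log(print_r(sqlsrv_errors(), true)); // log details, do not echo them
    exit("Account creation is unavailable right now.");
}
if (sqlsrv_has_rows($name_check)) {
    exit("This account name already exists!");
}

$insert_user = "INSERT INTO dbo.Accounts (login_name, password, block,
        withdraw_remain_time, age, auth_ok, pcbang, last_login_server_idx,
        event_code, result, ip, email)
    VALUES (?, ?, 0, 0, 18, 1, 0, 1, 0, 1, 0, 0)";
$insert_query = sqlsrv_query(
    $connect_login,
    $insert_user,
    array($user, $converted_password)
);
if ($insert_query === false) {
    error_log(print_r(sqlsrv_errors(), true));
    exit("The Insert query has failed for some reason!");
}
echo "Account Creation Successful";
?>
```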






