This script was actually never going to be released and probably die on my HDD as I am primarily a PHP coder not a ASP.NET coder. But due to some pushing from friends and Tatsuya stickying the wrong Regi thread I have decided w/ permission of Xijezu to release this.
Some Info:
Code:
- This script uses ASP.NET (required)
- This script uses .NET 4.0 Integrated (required)
- This script uses IIS(Internet Information Services) 7.5+ (required)
A couple warnings:
Code:
[B][SIZE="3"][COLOR="red"]- I will NOT be held responsible for your failure to implement or use this script correctly.
- I will NOT be held responsible for your failure to adapt and properly secure your server at ANY point in time.
- I will NOT provide support for this release (It's pretty self-explanatory)[/COLOR][/SIZE][/B]
Features:
Code:
- Non-Standard Age, Email inputs (Was going to add ip but never did)
- Automatic Errors (No more click "Create" to get "Passwords Do Not Match" or "Symbols Detected in Password" These errors are displayed under "Log" and until corrected the create button is unclickable.
- All Field Escaped
- All Field are Symbol Sensitive (They will know if you're entering in symbols)
Credits:
Code:
<!--
Original Script By: Xijezu
Age, Email Inputs, Field Escaping, Error Checking By: iSmokeDrow
-->
Screenshot:
How-To-Use:
Code:
Create a new folder in your website e.g. /register/ or /regi/ and place all files inside of this folder, using your favorite text-editor load the web.config file and change the info between REGISTERSCRIPT - CONFIG and REGISTERSCRIPT - CONFIG - END:
[code]
<!--- - - - - - - - - - - - - - - - - - - - - REGISTERSCRIPT - CONFIG - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<add key="sDbIP" value="localhost" /> <!-- Your Server-IP or SQL-Instanz: e.g. (local)\RAPPELZ, 127.0.0.1, localhost [...] -->
<add key="sDbDatabase" value="Auth" /> <!-- Your Auth-Database (usually Auth) -->
<add key="sDbUser" value="sa" /> <!-- Your SQL-Username (usually sa) -->
<add key="sDbPassword" value="password" /> <!-- Your SQL-Password -->
<add key="bUseWindowsLogin" value="1" /> <!-- If you want to create a connection without using Username & Password (ONLY WORKS LOCAL!), set this to 1, else set it to 0-->
<add key="sMD5Key" value="2011" /> <!-- Your MD5-Key. Default is 2011 -->
<!-- - - - - - - - - - - - - - - - - - - - - REGISTERSCRIPT - CONFIG - END - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
Now save the web.config file with the information updates and you should have a working Advanced Registration Script.
[/code]
If you are incapable of making such a simple thing work, unable to google how to make such a simple thing work. Don't even think you can ask me how to make it work, if you enjoyed or found this post useful. Be a sport, click thanks.
btw is there a way to insert a Ip bann function? like you said in the previous topic Ip adress will be insert into the ip_field and a limit account creator so any person is allowed to make max 3 accounts , this is because people will create unlimited accounts so you can't stop them if you bann their current account.
it should be very usefull to any private server out there not having this secured option
Actually everybody can simply use a Proxy to change/hide his IP , what makes an IP-Bann useless. Although many People have dynamic IP Addresses, meaning their IP-Address changes daily. So your Bann would only work for 1 Day and the poor Guy getting this IP is banned from registering...
I would recommed you using Cookies to ban them ( Okay, i know, everyone knows how to delete Cookies too, but it's better then IP Banning :P )
@ismokedrow
Nice Script,
(sorry i don't know ASP that good, maybe i'm wrong )
Isn't there a little Security Issue?
Code:
SqlDataReader dr = new SqlCommand(string.Format("SELECT login_name FROM Accounts WHERE login_name = '{0}'", tbUser.Text), sqlConn).ExecuteReader();
In this Command you simply insert the Username while some Lines later
Code:
if (CheckInput(tbUser.Text) && CheckInput(tbPass.Text) && CheckInput(tbPassConf.Text) && CheckInput(tbAge.Text))
{
if (CheckLength(tbUser.Text) && CheckLength(tbPass.Text))
{
you start to verify it.
Means when i insert a nice Username like this ') GO DROP DATABASE Telecaster GO --
your Telecaster DB says Goodbye forever :P
Yeah normally your Client-Side should prevent this, but it shouldn't be too hard bypassing this.
He is technically right, but let me point something out to your turtle:
Quote:
Originally Posted by ismokedrow
- I will NOT be held responsible for your failure to adapt and properly secure your server at ANY point in time.
This script isn't mean't for noobs, if you don't know how to fix it then leave it alone. I do not personally use this script and only released it for a friend.
<asp:RegularExpressionValidator ID="validate_user_input" runat="server" style="color: Red;" ValidationExpression="\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" ControltoValidate="tbUser" Text="Error: Malicious Symbols Detected! [Username]" ToolTip="This means you have attempted to use Malicious symbols in the Username Field!"></asp:RegularExpressionValidator>
Unless you're offering a way of fixing the vulnerability and or releasing a fixed version; please refrain from posting in this thread. Thank you.
Actually everybody can simply use a Proxy to change/hide his IP , what makes an IP-Bann useless. Although many People have dynamic IP Addresses, meaning their IP-Address changes daily. So your Bann would only work for 1 Day and the poor Guy getting this IP is banned from registering...
I would recommed you using Cookies to ban them ( Okay, i know, everyone knows how to delete Cookies too, but it's better then IP Banning :P )
@ismokedrow
Nice Script,
(sorry i don't know ASP that good, maybe i'm wrong )
Isn't there a little Security Issue?
Code:
SqlDataReader dr = new SqlCommand(string.Format("SELECT login_name FROM Accounts WHERE login_name = '{0}'", tbUser.Text), sqlConn).ExecuteReader();
In this Command you simply insert the Username while some Lines later
Code:
if (CheckInput(tbUser.Text) && CheckInput(tbPass.Text) && CheckInput(tbPassConf.Text) && CheckInput(tbAge.Text))
{
if (CheckLength(tbUser.Text) && CheckLength(tbPass.Text))
{
you start to verify it.
Means when i insert a nice Username like this ') GO DROP DATABASE Telecaster GO --
your Telecaster DB says Goodbye forever :P
Yeah normally your Client-Side should prevent this, but it shouldn't be too hard bypassing this.
Your Turtle
This won't happen if the user which is executing the query don't have the rights to do something like this^^ This user is only supposed to insert data into the account table. Normally this user shouldn't be able to do something else...
Everyone providing an user with full rights or something like this in the web.config is an idiot and should close his server directly^^
[RELEASE] Secure PHP Web Registration Script 10/08/2019 - Shaiya PServer Guides & Releases - 208 Replies This is technically obsolete now, and I'd recommend using my newer script instead.
This is a secure registration script meant for Shaiya private servers.
I noticed a lot of private servers were using sandolkakos's registration script, which is very dangerous since it is vulnerable to SQL injection.
Ideally your UserUID column in the table PS_UserData.dbo.Users_Master should be set to auto-increment. If this is not the case, you will need to adjust this script, or ideally fix your...
[ADVANCED] Registration Script / SQLSRV 01/06/2014 - Rappelz Private Server - 30 Replies -- Forewarning --
The following is in no way shape or form intended for the use of beginners and requires basic and intermediate skill levels to apply and use.
-- Features --
Username Check
Password Confirm
Password MD5 Encryption
Age Field (For Server using; Adult Server)
[release] Advanced register script 05/10/2011 - EO PServer Hosting - 9 Replies hi all
time for the second advanced release
this is a register script but with email verification
the script itself can work with 2 databases or with a single database ( i wrote it for 2 databases)
what does it do ??
let the user register as normal
[RELEASE]Registration Script (ENG) 05/16/2009 - Dekaron Private Server - 12 Replies I just created this registration script so enjoy. Unlike the others that are posted around, this one is built from the ground up by me. Enjoy and dont forget to say thanks! Uses mssql();
Please post your comments and suggestions!!!! Ill have more tools on the way.
~Quick tut to get it working~
1. Download the rar
2. Extract it to a place where you can easily edit the files
3. Open up includes/db.php
4. Edit your information for your SQL server
5. Save and upload to a directory inside...
![[RELEASE]Advanced Registration Script (ASP.NET)](https://www.elitepvpers.com/forum/iconimages/rappelz-private-server/release-advanced-registration-script-asp-net_ltr.gif){kind=small}
