[RELEASE] Secure PHP Web Registration Script

remnikalija · 02/17/2011, 00:18

Warning: require_once(success.view.php) [function.require-once]: failed to open stream: No such file or directory in C:\xampp\htdocs\register.php on line 61

Fatal error: require_once() [function.require]: Failed opening required 'success.view.php' (include_path='.;\xampp\php\PEAR') in C:\xampp\htdocs\register.php on line 61

abrasive · 02/17/2011, 00:19

Quote:

Originally Posted by remnikalija

Warning: mssql_query() [function.mssql-query]: message: Cannot insert the value NULL into column 'UserUID', table 'PS_UserData.dbo.Users_Master'; column does not allow nulls. INSERT fails. (severity 16) in C:\xampp\htdocs\register.php on line 49

Warning: mssql_query() [function.mssql-query]: Query failed in C:\xampp\htdocs\register.php on line 49

Now you probably want to set UserUID as the identity column, that way when you try to insert null into the UserUID column it will add one to the last highest value. This is covered some at the beginning of this thread.

remnikalija · 02/17/2011, 00:48

it works now i had to allow nulls on rowid to work

zargon05 · 02/17/2011, 14:33

Quote:

Originally Posted by remnikalija

it works now i had to allow nulls on rowid to work

RowID is an identity coloumn so it must contain a value.

VVayinsane · 02/18/2011, 04:54

Hey, i got a small problem. I did everything that is needed. I am running shaiya ep4 and when i register, everything that is suppost to get added to the database (INSERT INTO PS_UserData.dbo.Users_Master) gets added. My problem comes from it not adding the information to the second database(i dont recall the location at this time).

ProfNerwosol · 02/18/2011, 15:32

I suggest you read Abrasives tutorial on how to use

. It should explain a few things.

To answer your questions. You don't need the other database (OMG_Webserv or something like that). Server doesn't call it even once. It was probably created by someone for some purpose and can be safely deleted.

VVayinsane · 02/19/2011, 01:50

ProfNerwosol, thanks for the info. Shouldnt i still be able to login to the game even though the info was not placed on the second database? or since we have the second database up it is checking both of them. Once the second one is removed it will fix the problem?

RebeccaBlack · 02/19/2011, 02:21

I'm not sure how it is. I know that on some of the "PS_UserData.dbo.usp_Try_GameLogin_Taiwan" procedures I've seen, it has a password check pointing to the OMG_GameWeb database. I've always manually edited that and had it call a personal procedure from PS_UserData to do mine o.O

VVayinsane · 02/19/2011, 04:56

Can someone give me a guide on how they removed the second database from being called. I cant find Try_GameLogin_Taiwan at all. I am using the ep4 found on the forums so maybe someone knows how and can explain. Thank you

this_is_love · 02/20/2011, 20:50

Quote:

Failed to create a new account, please try again later

Pls Help me !

VVayinsane · 02/21/2011, 23:55

this_is_love, That means the insert statement is probably not valid for your database. Fix the query or fix your database, your choice

AbsolonShaiya · 02/24/2011, 08:27

Quote:

Warning: require_once(success.view.php) [function.require-once]: failed to open stream: No such file or directory in C:\WebServer\www\Shaiya\register\register.php on line 61

Fatal error: require_once() [function.require]: Failed opening required 'success.view.php' (include_path='.;C:\php5\pear') in C:\WebServer\www\Shaiya\register\register.php on line 61

Apparently i need success.view.php also for this...

On another note it entered the info into PS_UserData.dbo.Users_Master but nothing is added to PS_UserData.dbo.Users_Detail...

Also how can i change the password to hold up to 20 Alpha-Numeric Char's?

abrasive · 02/24/2011, 16:34

Quote:

Originally Posted by AbsolonShaiya

Apparently i need success.view.php also for this...

On another note it entered the info into PS_UserData.dbo.Users_Master but nothing is added to PS_UserData.dbo.Users_Detail...

Also how can i change the password to hold up to 20 Alpha-Numeric Char's?

I added success.view.php, I completely missed adding it here last time I updated, sorry about that.

What were you wanting/expecting to be added to Users_Detail?

To change the password length to allow up to 20 alpha-numeric characters, first make sure your Users_Master.Pw column is set to at least varchar(20). Then edit register.php and change this line:

Code:

}else if(strlen($password) < 3 || strlen($password) > 16){

to this:

Code:

}else if(strlen($password) < 3 || strlen($password) > 20){

AbsolonShaiya · 02/25/2011, 02:38

Sorry I hadn't looked into your password change script but i knew that Users_Detail held the information for password question and answers. if we don't need it though i can deal with that.

abrasive · 02/25/2011, 07:33

Quote:

Originally Posted by AbsolonShaiya

Sorry I hadn't looked into your password change script but i knew that Users_Detail held the information for password question and answers. if we don't need it though i can deal with that.

That's a matter of implementation. How do you want users to be able to change passwords?

I made this really basic so I only used a CAPTCHA on the password change page.

Most web sites require you to be logged in to change your password, and rightfully so. You would want to know the user trying to change a user's password is authorized to do so.

Storing security questions and answers complicates things quite a bit as far as implementation goes.

You really should should be storing passwords as salted hashes when registering users, but almost nobody here is interested in that unfortunately