<?php
include("config.php");
$connect = odbc_connect("Driver={SQL Server};Server={$host}; Database={$dbname}", $user, $pass) or die("Can't connect the MSSQL server.");
?>
<html>
<head>
<title>Silkroad Registration</title>
<link rel="stylesheet" href="css/style2.css" type="text/css" media="screen" />
<link rel="stylesheet" href="css/stylesheet.css" type="text/css" media="screen" />
</head>
<body>
<div align="center" style="position:absolute; top:10px; z-index:0;">
<img src="images/bg6.png" border='0'>
</div>
<div class="reg" style="position:relative; top:222px; left:300px;">
<div style="position:relative; top:-28px; left:11px;">
<center><table width='350'>
<form action='reg.php?act=regis' method='POST'>
<tr>
<td><b><font size="5" color="white">SROFactory Rej.</font></b></td><br><br>
</tr>
<tr>
</tr>
<tr>
<td width='50px'><font color=red><input value='Nazwa uzytkownika*' type='text' name='username'></td></font>
</tr>
<tr>
<td width='50px'><input value='Hasło*' type='password' name='password'></td>
</tr>
<tr>
<td width='50px'><input value='Nick w grze*' type='text' name='playername'></td>
</tr>
<tr>
<td width='50px'><input value='E-Mail*' type='text' name='email'></td>
</tr>
<tr>
<td width='50px'><input type='submit' value='Akceptuje'></td>
</tr>
</table>
</center>
<div style="position:relative; top:-30px; left:135px;">
<a href="recover.php">Zapomniales ID/Haslo?</a>
</div>
</div>
</div>
<center>
<?php
$ip = ($_SERVER['REMOTE_ADDR']);
if (isset($_GET['act']) AND $_GET['act'] == "regis")
{
$regdate = date("Y-m-d H:i:s");
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|'|\"|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
$username=anti_injection($_POST['username']);
$password=md5($_POST['password']);
$password2=anti_injection($_POST['password']);
$playername=anti_injection($_POST['playername']);
$email=anti_injection($_POST['email']);
if (!$_POST['username'] )
{
echo "<script>alert('Username is empty');location.href='reg.php';</script>";
die();
}
else
if (!$_POST['password'] )
{
echo "<script>alert('Password is empty');location.href='reg.php';</script>";
die();
}
else
if (!$_POST['playername'] )
{
echo "<script>alert('player name is empty');location.href='reg.php';</script>";
die();
}
else
if (!$_POST['email'] )
{
echo "<script>alert('E-Mail is empty');location.href='reg.php';</script>";
die();
}
$query = odbc_exec($connect, "SELECT StrUserID FROM TB_User WHERE StrUserID = '$username'");
$existing_users = odbc_num_rows($query);
if($existing_users != 0) {
echo "<script>alert('Username already taken!');location.href='reg.php';</script>";
die();
} else
odbc_exec($connect, "INSERT INTO TB_User (StrUserID, password, Name, Email, sec_primary, sec_content, AccPlayTime, LatestUpdateTime_ToPlayTime) VALUES
('$username', '$password', '$playername', '$email', '3', '3', '0', '0')");
echo "<script>alert('Account Registration Successful! \\nUsername: $username \\nPassword: $password2');location.href='$index';</script>";
}
?>
<br/>
</center>
</body>
<table bgcolor="black">
<tr>
<td>
Created by Aznkidd235
</td>
</tr>
</table>
</html>
And where i must add you code ?
|