Register Script
#1

Register script for ep1, it works perfectly.

 

English:

1. Create a text document.

2. Copy the script in there.

3. Rename the file to register.php

4. Add it to xampp/htdocs

5. Open it with 2

 


 

 

<?php
// Written for PHP 5: the mysql_* functions and sql_regcase() no longer exist in PHP 7 and later.

// Enter MySQL Connection Info Here
$mysql = array(
    'host' => "localhost",
    'user' => "root",
    'pass' => ""
);

// Strips SQL keywords and comment characters, then trims, removes tags and escapes quotes
function anti_inject($sql) {
    $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    $sql = addslashes($sql);
    return $sql;
}

if(isset($_POST['activ']) && $_POST['activ'] == 1) {

    $accname = anti_inject($_POST['accname']);
    $accmail = anti_inject($_POST['accmail']);
    $accpass1 = anti_inject($_POST['accpass1']);
    $accpass2 = anti_inject($_POST['accpass2']);

    $con = mysql_connect($mysql['host'],$mysql['user'],$mysql['pass']);

    // Does an account with this name already exist?
    $result = mysql_query("SELECT * FROM newproject_db_auth.bg_user WHERE user_id = '".$accname."'",$con);
    $row = mysql_num_rows($result);

    // Next free user_code = highest existing one + 1
    $result2 = mysql_query("SELECT user_code FROM newproject_db_auth.bg_user ORDER BY user_code DESC LIMIT 1",$con);
    $newcode = mysql_result($result2, 0) + 1;

    if(empty($accname) || empty($accmail) || empty($accpass1) || empty($accpass2)) {
        echo "You did not fill in all the required fields. (Go Back)";
    } elseif($row > 0) {
        echo "This account name already exists. (Go Back)";
    } elseif($accpass1 != $accpass2) {
        echo "The passwords did not match. (Go Back)";
    } elseif($accpass1 == $accname) {
        echo "Account name and password are the same. (Go Back)";
    } elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accname)) {
        echo "Enter an account name containing only (0-9, A-Z). (Go Back)";
    } elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accpass1)) {
        echo "Enter a password containing only (0-9, A-Z). (Go Back)";
    } elseif(!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i",$accmail)) {
        echo "Your e-mail is not correct. (Go Back)";
    } elseif(strlen($accname) < 3 || strlen($accname) > 12) {
        echo "The account name must be 3-12 characters long. (Go Back)";
    } elseif(strlen($accpass1) < 3 || strlen($accpass1) > 12) {
        echo "The password must be 3-12 characters long. (Go Back)";
    } else {

        mysql_query("INSERT INTO newproject_db_auth.bg_user VALUES (".$newcode.", '".$accname."', '', '', NULL, '', '', '000000-0000000', 'M', '".$accpass1."', 0, NULL, NULL, NULL, 'S', '".$accmail."', NULL, NULL, 0, 0, NULL, NULL, '0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0', '0 0 0 0 0 1 0', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'N', NULL, NULL, NULL, NULL, NULL, NULL, 'LC', 'LC', '0000-00-00 00:00:00', '0000-00-00 00:00:00', NULL, NULL, 0, 'N', 'N', 'N', 'N', NULL, 'Y', NULL, 'N', NULL, 'N')", $con);

        echo "The account was successfully created.";

    }

} else {

    $con = mysql_connect($mysql['host'],$mysql['user'],$mysql['pass']);
    $result = mysql_query("SELECT * FROM newproject_db_auth.bg_user",$con);
    $row = mysql_num_rows($result);

    echo "We Have ".$row." Registered Accounts On Our Server<br>";

    // The form markup was lost from the post; this minimal form is rebuilt
    // from the surviving labels and the $_POST fields the script reads.
    echo "<form method='post' action=''>";
    echo "<input type='hidden' name='activ' value='1'>";
    echo "Your Account Info<br>";
    echo "Account Name: <input type='text' name='accname'><br>";
    echo "Password: <input type='password' name='accpass1'><br>";
    echo "Again Password: <input type='password' name='accpass2'><br>";
    echo "E-Mail: <input type='text' name='accmail'><br>";
    echo "<input type='submit' value='Register'>";
    echo "</form>";
    echo "LastChaos Register Page © Warmonger ";

}

?>

 

Script powered by Warmonger

#2

why not a simple:

 

 

$mysql = array(
    'host' => "localhost",
    'db' => "newproject_db_auth",
    'user' => "root",
    'pass' => ""
);

 

?

#3
Thank you <33 It helped me very much :D Now people can register and play in my ep1 :D

#4

why not a simple: 

 

$mysql = array(
    'host' => "localhost",
    'db' => "newproject_db_auth",
    'user' => "root",
    'pass' => ""
);

 

?

 

Simple? The database is already set in the query. My setup is simpler than adding the database to the array.

#5

I suggest using mysql_real_escape_string() instead of Warmonger's anti_inject(), because it will change the info: a word that contains, for example, IselectIT will appear in the database as IIT, and there are many other examples.

 

 

$accname = mysql_real_escape_string($_POST['accname']);
$accmail = mysql_real_escape_string($_POST['accmail']);
$accpass1 = mysql_real_escape_string($_POST['accpass1']);
$accpass2 = mysql_real_escape_string($_POST['accpass2']);

 

Another Thing:

You can remove this:

$result2 = mysql_query("SELECT user_code FROM newproject_db_auth.bg_user ORDER BY user_code DESC LIMIT 1",$con);
$newcode = mysql_result($result2, 0) + 1;

And this:

mysql_query("INSERT INTO newproject_db_auth.bg_user VALUES (".$newcode.", '".$accname."', '', '', NULL, '', '', '000000-0000000', 'M', '".$accpass1."', 0, NULL, NULL, NULL, 'S', '".$accmail."', NULL, NULL, 0, 0, NULL, NULL, '0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0', '0 0 0 0 0 1 0', 'N', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'N', NULL, NULL, NULL, NULL, NULL, NULL, 'LC', 'LC', '0000-00-00 00:00:00', '0000-00-00 00:00:00', NULL, NULL, 0, 'N', 'N', 'N', 'N', NULL, 'Y', NULL, 'N', NULL, 'N')");

 

And add this instead:

mysql_query("INSERT INTO newproject_db_auth.bg_user(user_id,name,passwd,email) VALUES('".$accname."','".$accname."','".$accpass1."','".$accmail."');");

#6

I suggest using mysql_real_escape_string() instead of Warmonger's anti_inject(), because it will change the info: a word that contains, for example, IselectIT will appear in the database as IIT, and there are many other examples.

 

$accname = mysql_real_escape_string($_POST['accname']);
$accmail = mysql_real_escape_string($_POST['accmail']);
$accpass1 = mysql_real_escape_string($_POST['accpass1']);
$accpass2 = mysql_real_escape_string($_POST['accpass2']);

 

They can just remove the delimiters and have those characters available. Might be easier for them.

#7

They can just remove the delimiters and have those characters available. Might be easier for them.
 

I suggest you try to SQL inject it; if you succeed, post it. This method I posted will change the characters that are usually used for SQL injection into other characters.

The SQL injection will be inserted into the database and not executed.

2

#8

I suggest you try to SQL inject it; if you succeed, post it. This method I posted will change the characters that are usually used for SQL injection into other characters. The SQL injection will be inserted into the database and not executed.

2

 

Try to SQL inject my old code above; if you succeed, post it. My private site is un-hackable and uses other measures. I use mysql_real_escape_string in my private site, but only for queries in which it is intended. Account info isn't case sensitive client -> server so it doesn't matter either way.

 

You can also just push the input off onto a function to be sanitized like so.

 

//Sanitizes AccountIDs & Passwords
//Non-referenced as well as referenced passing of variables.
//Also returns (string) $input
function inputT1 (&$input)
{
    // Remove every character that is not a letter, digit, underscore or dot
    $input = preg_replace('/[^a-z0-9_\.]/i', '', $input);

    return $input;
}

 

There are many ways to achieve the same purpose. If they want a completely un-hackable site they can purchase a package here => 2
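
Added example, not code from the thread or from any poster: posts #5 and #8 weigh keyword stripping against escaping and character stripping, and this PHP block shows the keyword blacklist rewriting harmless names next to a registration function that rejects invalid names instead of rewriting them and passes every value as a bound parameter. It assumes the pdo_sqlite extension and a constructed four-column stand-in for bg_user; the function names are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumes pdo_sqlite and a constructed
// four-column stand-in for bg_user (columns taken from the INSERT in post #5).

// anti_inject() from post #1, with /i in place of sql_regcase() (removed in PHP 7).
function blacklist_filter(string $s): string {
    $s = preg_replace('/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i', '', $s);
    return addslashes(strip_tags(trim($s)));
}

// Same 3-12 alphanumeric rule the script checks; reject, never rewrite.
function valid_account_name(string $s): bool {
    return preg_match('/^[0-9a-zA-Z]{3,12}$/', $s) === 1;
}

// Hypothetical helper: insert through bound parameters, so values never become SQL text.
// The password is stored as given, as in the thread's script.
function register(PDO $db, string $name, string $pass, string $mail): bool {
    if (!valid_account_name($name)) {
        return false;                       // invalid name: tell the user, store nothing
    }
    $check = $db->prepare('SELECT COUNT(*) FROM bg_user WHERE user_id = ?');
    $check->execute([$name]);
    if ((int) $check->fetchColumn() > 0) {
        return false;                       // name already taken
    }
    $ins = $db->prepare('INSERT INTO bg_user (user_id, name, passwd, email) VALUES (?, ?, ?, ?)');
    return $ins->execute([$name, $name, $pass, $mail]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bg_user (user_id TEXT PRIMARY KEY, name TEXT, passwd TEXT, email TEXT)');

// Constructed sample names: two harmless ones the blacklist rewrites, one with a quote.
foreach (['IselectIT', 'fromage', "O'Brien"] as $name) {
    $ok = register($db, $name, 'secret12', 'user@example.com');
    printf("%-10s blacklist: %-10s register: %s\n", $name, blacklist_filter($name), $ok ? 'stored' : 'rejected');
}

// Names actually in the table, exactly as the user typed them.
echo implode(', ', $db->query('SELECT user_id FROM bg_user')->fetchAll(PDO::FETCH_COLUMN)), "\n";
```

Whether the game server can verify a hashed password is not stated in the thread; where it can, the passwd value would be produced with password_hash() before the insert.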

#9

What site is good if it tells you "account created successfully" and something different is stored in the database? (There are many words that users use to create their userID.)

 

Your methods are unconventional, plus your site looks like a scamming site (that tries to scam people).

#10

What site is good if it tells you "account created successfully" and something different is stored in the database? (There are many words that users use to create their userID.)

Your methods are unconventional, plus your site looks like a scamming site (that tries to scam people).

 

I have made sales even to people of this forum before, no scams involved. Me and my team don't have time for the kiddy scam games. Our team consists of the best developers on the web if not in the world. It just shows how well of a moderator you are here for calling out some of the members here.


