sanctum32

error_reporting(0); $server_ip = "127.0.0.1"; // Server ip this is bad idea... all errors or warnings are important, for example, here is similar thing, like as to drive with broken car. in php here same symbols of and and if operators and = && or = ||

Here is my edited registration script additions: * added email and passwords checks * changed position, aligned it to center * moved config array to config.php * solved nasty thing, when on successful registration page returns 0: * added another security from sql injections (it has two security checks) config.php <?php $server_ip = "127.0.0.1"; // Server ip $port = "3306"; // Mysql port $host = "127.0.0.1"; // Mysql host $user = "user"; // Mysql username $pass = "paswd"; // Mysql password $characters = "characters_db"; // Characters database $auth = "auth_db"; // Auth/realm server $server_name = "WoW private server"; ?> register.php <?php require_once('config.php'); function check_for_symbols($string) { $len=strlen($string); $allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; for($i=0;$i<$len;$i++)if(!strstr($allowed_chars,$string[$i])) return TRUE; return FALSE; } function sha_password($user,$pass) { $user = strtoupper($user); $pass = strtoupper($pass); return SHA1($user.':'.$pass); } if ($host != "" && $user != "" && $pass != "" && $auth != "") { $new_connect = mysql_connect($host,$user,$pass); if ($new_connect) $selectdb = mysql_select_db($auth,$new_connect); else { echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect"; die; } if ($new_connect && !$selectdb) { echo "Could NOT connect to db: Database does not exist!"; die; } if ($_POST['registration']) { // Main functions $username = $_POST['username']; $password = sha_password($username,$_POST['password']); $password2 = sha_password($username,$_POST['password2']); $expansionnumber = $_POST['expansion']; $email = $_POST['email']; // Existing data checks to avoid dublicate accounts or other errors $check_username = mysql_query("SELECT `username` FROM `account` WHERE username='$username'"); $check_email = mysql_query("SELECT `email` FROM `account` WHERE `email`='$email'"); // Main checks if ($username == "") { echo "Field username is empty!"; } else if ($password == "") { echo "Field password is empty!"; } else if ($email == "") { echo "Field email is empty!"; } else if (mysql_num_rows($check_email) != NULL) { echo "Email is already used"; } else if (check_for_symbols($_POST[password]) == TRUE) { echo "Error with creating account: password has invalid symbols in it."; } else if (check_for_symbols($username) == TRUE) { echo "Error with creating account: username has invalid symbols in it."; } else if (mysql_num_rows($check_username) != NULL) { echo "Error with creating account: name is already in use."; } else if ($password != $password2) { echo "Passwords not matches!"; } else { $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $expansionnumber = mysql_real_escape_string($expansionnumber); // adding it anyway $email = mysql_real_escape_string($email); mysql_query("INSERT INTO account (username, sha_pass_hash, expansion, email) VALUES ('$username','$password','$expansionnumber','$email')"); echo "Account created."; } } else { ?> <html> <head> <?php echo "<title>$server_name</title>"; ?> </head> <body> <center> <big>Registration</big> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST"> <table border="0" width="290px"> <tr> <td>Username</td> <td><input type="text" name="username"/></td> </tr> <tr> <td>Password</td> <td><input type="password" name="password"/></td> </tr> <tr> <td>Retype Password</td> <td><input type="password" name="password2"/></td> </tr> <tr> <td>Email</td> <td><input type="email" name="email"/></td> </tr> </table> Expansion Selection <select name="expansion"> <option value="0">Classic</option> <option value="1">The Burning Crusade</option> <option value="2">Wrath of the Lich King</option> <option value="3">Cataclysm</option> </select><br /> <input alt="Register" type="submit" name="registration"/> </form> </center> </body> </html> <?php } } ?>

i'm sanctum32. i'm 18 years old. working with sql databases (postgresql and mysql, with others not tryed) about 6 years learning c++ scripting. hobies: tv, programming, IT.