Here is my edited registration script
additions:
* added email and password checks
* changed position, aligned it to center
* moved config array to config.php
* solved a nasty issue where the page returned 0 on successful registration
* added another safeguard against SQL injection (there are now two security checks)
config.php
<?php
// Settings read by register.php.
// NOTE(review): the database credentials below are stored in plaintext. Keep this
// file out of any directory the web server can serve as text, restrict its file
// permissions, and give the MySQL account only the privileges registration needs.

// Server IP.
$server_ip = '127.0.0.1';

// MySQL port and host.
$port = '3306';
$host = '127.0.0.1';

// MySQL username and password.
$user = 'user';
$pass = 'paswd';

// Characters database.
$characters = 'characters_db';

// Auth/realm server database.
$auth = 'auth_db';

// Server name; register.php prints it as the page title.
$server_name = 'WoW private server';
?>
register.php
<?php
require_once('config.php');
/**
 * Tell whether a string contains any byte outside the ASCII letters and digits.
 *
 * This is an allow-list check: everything that is not a-z, A-Z or 0-9 counts as
 * an invalid symbol, including spaces, quotes and every byte of a multi-byte
 * character. An empty string contains no invalid symbol and yields FALSE.
 *
 * The check limits what may be used as an account name or password; it does not
 * replace escaping or parameter binding when a value is placed into SQL.
 *
 * @param string $string Value to inspect.
 * @return bool TRUE when at least one disallowed byte is present, FALSE otherwise.
 */
function check_for_symbols($string)
{
    $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    // strspn() measures the leading run made only of allowed bytes; the string is
    // clean exactly when that run covers all of it.
    $clean_prefix = strspn($string, $alphabet);

    return $clean_prefix !== strlen($string);
}
/**
 * Build the password hash for an account: SHA-1 over "USERNAME:PASSWORD".
 *
 * Both parts are upper-cased first, so the result does not depend on the case of
 * either the account name or the password.
 *
 * NOTE(review): SHA-1 with no random per-account salt is weak for password
 * storage, and upper-casing shrinks the password space. The format is presumably
 * dictated by the game server that reads the stored hash; confirm before
 * changing it, and treat the account table as sensitive in the meantime.
 *
 * @param string $user Account name.
 * @param string $pass Plaintext password.
 * @return string 40-character lowercase hexadecimal SHA-1 digest.
 */
function sha_password($user,$pass)
{
    $material = strtoupper($user) . ':' . strtoupper($pass);

    return sha1($material);
}
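// Registration endpoint. On a POST carrying "registration" it validates the
// submitted fields and creates a row in the `account` table; otherwise it renders
// the registration form. Nothing runs when the database settings are incomplete.
//
// Every request value is bound as a statement parameter and never concatenated
// into SQL. The allow-list checks below only restrict what an account may look
// like; they are not what prevents SQL injection.
//
// NOTE(review): nothing here throttles repeated submissions or ties the POST to a
// previously rendered form.
if ($host != "" && $user != "" && $pass != "" && $auth != "")
{
    // Report failures through return values, so a failed connection cannot raise
    // an uncaught exception whose trace would include the database credentials.
    mysqli_report(MYSQLI_REPORT_OFF);

    // The configured port is passed explicitly instead of being ignored.
    $new_connect = mysqli_connect($host, $user, $pass, "", (int) $port);
    if (!$new_connect)
    {
        echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect";
        die;
    }
    if (!mysqli_select_db($new_connect, $auth))
    {
        echo "Could NOT connect to db: Database does not exist!";
        die;
    }

    if (!empty($_POST['registration']))
    {
        // Request parameters are untrusted. Accept plain strings only, so a missing
        // or array-valued parameter (username[]=x) becomes an empty string instead
        // of reaching the string functions below.
        $input = array();
        foreach (array('username', 'password', 'password2', 'expansion', 'email') as $field)
        {
            $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
        }

        // Main values
        $username = $input['username'];
        $password = sha_password($username, $input['password']);
        $password2 = sha_password($username, $input['password2']);
        $expansionnumber = $input['expansion'];
        $email = $input['email'];

        // Existing data checks to avoid duplicate accounts or other errors.
        // These are advisory: two simultaneous requests can both pass them, so a
        // UNIQUE index on the columns is what really prevents duplicates
        // (presumably present in the schema; confirm).
        $lookups = array(
            'username' => array("SELECT 1 FROM `account` WHERE `username` = ? LIMIT 1", $username),
            'email' => array("SELECT 1 FROM `account` WHERE `email` = ? LIMIT 1", $email),
        );
        $exists = array('username' => false, 'email' => false);
        $lookup_ok = true;
        foreach ($lookups as $key => $lookup)
        {
            $value = $lookup[1];
            $stmt = mysqli_prepare($new_connect, $lookup[0]);
            if (!$stmt
                || !mysqli_stmt_bind_param($stmt, "s", $value)
                || !mysqli_stmt_execute($stmt)
                || !mysqli_stmt_store_result($stmt))
            {
                $lookup_ok = false;
                break;
            }
            $exists[$key] = mysqli_stmt_num_rows($stmt) > 0;
            mysqli_stmt_close($stmt);
        }

        // Main checks
        if (!$lookup_ok)
        {
            // Database error details stay out of the response.
            echo "Error with creating account: could not check existing accounts.";
        }
        else if ($username === "")
        {
            echo "Field username is empty!";
        }
        else if ($input['password'] === "")
        {
            // Test the submitted password itself: its SHA-1 hash is never empty.
            echo "Field password is empty!";
        }
        else if ($email === "")
        {
            echo "Field email is empty!";
        }
        else if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
        {
            echo "Email address is not valid.";
        }
        else if ($exists['email'])
        {
            echo "Email is already used";
        }
        else if (check_for_symbols($input['password']))
        {
            echo "Error with creating account: password has invalid symbols in it.";
        }
        else if (check_for_symbols($username))
        {
            echo "Error with creating account: username has invalid symbols in it.";
        }
        else if ($exists['username'])
        {
            echo "Error with creating account: name is already in use.";
        }
        else if ($password !== $password2)
        {
            // Strict comparison: with != two different hex digests that both look
            // like numbers ("0e1234...") would compare as equal.
            echo "Passwords not matches!";
        }
        else if (!in_array($expansionnumber, array("0", "1", "2", "3"), true))
        {
            // Only the values offered by the form's <select> are accepted.
            echo "Error with creating account: invalid expansion selected.";
        }
        else
        {
            $expansion_id = (int) $expansionnumber;
            $stmt = mysqli_prepare($new_connect, "INSERT INTO account (username, sha_pass_hash, expansion, email) VALUES (?, ?, ?, ?)");
            if ($stmt
                && mysqli_stmt_bind_param($stmt, "ssis", $username, $password, $expansion_id, $email)
                && mysqli_stmt_execute($stmt))
            {
                echo "Account created.";
            }
            else
            {
                // Report a failed insert instead of claiming success.
                echo "Error with creating account: account could not be saved.";
            }
        }
    }
    else
    {
?>
<html>
<head>
<?php echo "<title>" . htmlspecialchars($server_name, ENT_QUOTES, 'UTF-8') . "</title>"; ?>
</head>
<body>
<center>
<big>Registration</big>
<?php /* PHP_SELF contains request-supplied path text, so it is HTML-escaped before being written into the attribute. */ ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
<table border="0" width="290px">
<tr>
<td>Username</td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td>Retype Password</td>
<td><input type="password" name="password2"/></td>
</tr>
<tr>
<td>Email</td>
<td><input type="email" name="email"/></td>
</tr>
</table>
Expansion Selection
<select name="expansion">
<option value="0">Classic</option>
<option value="1">The Burning Crusade</option>
<option value="2">Wrath of the Lich King</option>
<option value="3">Cataclysm</option>
</select><br />
<input alt="Register" type="submit" name="registration"/>
</form>
</center>
</body>
</html>
<?php
    }
}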
?>