sanctum32
Posts: 21
Posts posted by sanctum32
Here is my edited registration script.
Additions:
* added email and password checks
* changed position, aligned it to center
* moved config array to config.php
* solved a nasty thing, when on successful registration the page returns 0
* added another security measure against SQL injections (it has two security checks)
config.php
```php
<?php
$server_ip   = "127.0.0.1";          // Server ip
$port        = "3306";               // Mysql port
$host        = "127.0.0.1";          // Mysql host
$user        = "user";               // Mysql username
$pass        = "paswd";              // Mysql password
$characters  = "characters_db";      // Characters database
$auth        = "auth_db";            // Auth/realm server
$server_name = "WoW private server";
?>
```
register.php
```php
<?php
// Note: the mysql_* functions used below were removed in PHP 7.0, so this script needs PHP 5.
require_once('config.php');

// Returns TRUE when $string contains any character other than a-z, A-Z or 0-9.
function check_for_symbols($string)
{
    $len = strlen($string);
    $allowed_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    for ($i = 0; $i < $len; $i++)
        if (!strstr($allowed_chars, $string[$i]))
            return TRUE;
    return FALSE;
}

// Account hash: SHA1 of "USERNAME:PASSWORD", both upper-cased.
function sha_password($user, $pass)
{
    $user = strtoupper($user);
    $pass = strtoupper($pass);
    return SHA1($user.':'.$pass);
}

if ($host != "" && $user != "" && $pass != "" && $auth != "") {
    $new_connect = mysql_connect($host, $user, $pass);
    if ($new_connect)
        $selectdb = mysql_select_db($auth, $new_connect);
    else {
        echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect";
        die;
    }
    if ($new_connect && !$selectdb) {
        echo "Could NOT connect to db: Database does not exist!";
        die;
    }

    // isset() avoids an undefined-index notice when the page is first loaded
    if (isset($_POST['registration'])) {
        // Main functions (missing fields are treated as empty strings)
        $username        = isset($_POST['username'])  ? $_POST['username']  : "";
        $raw_password    = isset($_POST['password'])  ? $_POST['password']  : "";
        $raw_password2   = isset($_POST['password2']) ? $_POST['password2'] : "";
        $password        = sha_password($username, $raw_password);
        $password2       = sha_password($username, $raw_password2);
        $expansionnumber = isset($_POST['expansion']) ? $_POST['expansion'] : "0";
        $email           = isset($_POST['email'])     ? $_POST['email']     : "";

        // Escape before the values reach ANY query, including the two lookups below
        $safe_username = mysql_real_escape_string($username);
        $safe_email    = mysql_real_escape_string($email);

        // Existing data checks to avoid duplicate accounts or other errors
        $check_username = mysql_query("SELECT `username` FROM `account` WHERE `username`='$safe_username'");
        $check_email    = mysql_query("SELECT `email` FROM `account` WHERE `email`='$safe_email'");

        // Main checks
        if ($username == "") {
            echo "Field username is empty!";
        } else if ($raw_password == "") {
            // test the submitted password: the SHA1 hash is never empty
            echo "Field password is empty!";
        } else if ($email == "") {
            echo "Field email is empty!";
        } else if ($check_email && mysql_num_rows($check_email) > 0) {
            echo "Email is already used";
        } else if (check_for_symbols($raw_password) == TRUE) {
            echo "Error with creating account: password has invalid symbols in it.";
        } else if (check_for_symbols($username) == TRUE) {
            echo "Error with creating account: username has invalid symbols in it.";
        } else if ($check_username && mysql_num_rows($check_username) > 0) {
            echo "Error with creating account: name is already in use.";
        } else if ($password != $password2) {
            echo "Passwords not matches!";
        } else {
            $password        = mysql_real_escape_string($password);
            $expansionnumber = mysql_real_escape_string($expansionnumber); // adding it anyway
            mysql_query("INSERT INTO account (username, sha_pass_hash, expansion, email) VALUES ('$safe_username','$password','$expansionnumber','$safe_email')");
            echo "Account created.";
        }
    } else {
?>
<html>
<head>
<?php echo "<title>$server_name</title>"; ?>
</head>
<body>
<center>
<big>Registration</big>
<!-- PHP_SELF is attacker-influenced, so it is HTML-escaped before being echoed -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
<table border="0" width="290px">
<tr> <td>Username</td> <td><input type="text" name="username"/></td> </tr>
<tr> <td>Password</td> <td><input type="password" name="password"/></td> </tr>
<tr> <td>Retype Password</td> <td><input type="password" name="password2"/></td> </tr>
<tr> <td>Email</td> <td><input type="email" name="email"/></td> </tr>
</table>
Expansion Selection
<select name="expansion">
<option value="0">Classic</option>
<option value="1">The Burning Crusade</option>
<option value="2">Wrath of the Lich King</option>
<option value="3">Cataclysm</option>
</select><br />
<input alt="Register" type="submit" name="registration"/>
</form>
</center>
</body>
</html>
<?php
    }
}
?>
```
-
I'm sanctum32. I'm 18 years old. Working with SQL databases (PostgreSQL and MySQL, with others not tried) about 6 years learning C++ scripting. Hobbies: TV, programming, IT.
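For comparison with the escaping used in register.php above, here is the same registration logic with PDO prepared statements; this is an added example, not code from the original post. The `register_account` helper, the in-memory SQLite table standing in for the MySQL `account` table, and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example, not from the original post. Assumption: an in-memory SQLite
// table (pdo_sqlite) stands in for the MySQL `account` table used by register.php.

function sha_password($user, $pass)
{
    return sha1(strtoupper($user) . ':' . strtoupper($pass));
}

// Hypothetical helper: returns "ok" or the reason the registration was refused.
function register_account(PDO $db, $username, $password, $password2, $expansion, $email)
{
    $alnum = '/\A[A-Za-z0-9]+\z/';   // same character set as check_for_symbols()
    if ($username === '' || $password === '' || $email === '') return 'empty field';
    if (!preg_match($alnum, $username) || !preg_match($alnum, $password)) return 'invalid symbols';
    if ($password !== $password2) return 'passwords do not match';

    // Values are bound, never concatenated, so quotes in $email stay plain data.
    $check = $db->prepare('SELECT COUNT(*) FROM account WHERE username = :u OR email = :e');
    $check->execute(array(':u' => $username, ':e' => $email));
    if ((int) $check->fetchColumn() > 0) return 'name or email already in use';

    $insert = $db->prepare(
        'INSERT INTO account (username, sha_pass_hash, expansion, email)
         VALUES (:u, :h, :x, :e)'
    );
    $insert->execute(array(
        ':u' => $username,
        ':h' => sha_password($username, $password),
        ':x' => (int) $expansion,
        ':e' => $email,
    ));
    return 'ok';
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account (username TEXT, sha_pass_hash TEXT, expansion INTEGER, email TEXT)');

$attempts = array(
    array('Alice', 'secret1', 'secret1', 2, "o'brien@example.test"), // apostrophe in the email
    array('Bob',   'secret2', 'secret2', 2, "o'brien@example.test"), // same email again
    array('Al ce', 'secret3', 'secret3', 0, 'c@example.test'),       // space in the username
);
foreach ($attempts as $a) {
    echo $a[0], ': ', register_account($db, $a[0], $a[1], $a[2], $a[3], $a[4]), "\n";
}
```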
[PHP] Utilities
in Web Scripts
Posted
in PHP here same symbols of and and if operators