Posted

Config:

<?php 
$port = "3306";
$host = "";
$user = "";
$pass = ""; 
$characters = "";
$auth = "";
$cod = 'utf8';
?>

Register

<?php
$realmd = array(
'db_host'=> 'localhost',        // Host IP
'db_username' => 'root',        // Database login-name
'db_password' => 'mangos',      // Database login-pass
'db_name_realm'=> 'realmd',     // Database name of realm
);

function check_for_symbols($string)
{
    $len=strlen($string);
    $allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    for($i=0;$i<$len;$i++)if(!strstr($allowed_chars,$string[$i]))
        return TRUE;
    return FALSE;
}
function sha_password($user,$pass)
{
    $user = strtoupper($user);
    $pass = strtoupper($pass);
    return SHA1($user.':'.$pass);
}
if ($realmd['db_host'] != "" && $realmd['db_username'] != "" && $realmd['db_password'] != "" && $realmd['db_name_realm'] != "")
{
    $new_connect = mysql_connect($realmd['db_host'],$realmd['db_username'],$realmd['db_password']);
    if ($new_connect)
        $selectdb = mysql_select_db($realmd['db_name_realm'],$new_connect);
    else
    {
        echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect";
        die;
    }

    if ($new_connect && !$selectdb)
    {
        echo "Could NOT connect to db: Database does not exist!";
        die; 
    }

    if (isset($_POST['registration']))
    {
        $username = $_POST['username'];
        $password = sha_password($username,$_POST['password']);
        $expansionnumber = $_POST['expansion'];

        // Escape here: this lookup runs before check_for_symbols() has validated the name
        $check_username = mysql_query("SELECT username FROM `account` WHERE username='" . mysql_real_escape_string($username) . "'");
        if ($username == "")
        {
            echo "Field username is empty!";
        }
        else if ($_POST['password'] == "") // $password is a SHA1 hash and is never empty
        {
            echo "Field password is empty!";
        }
        else if (check_for_symbols($_POST['password']) == TRUE)
        {
            echo "Error with creating account: password has invalid symbols in it.";
        }
        else if (check_for_symbols($username) == TRUE)
        {
            echo "Error with creating account: username has invalid symbols in it.";
        }
        else if (mysql_num_rows($check_username) != 0)
        {
            echo "Error with creating account: name is already in use.";
        }
        else
        {
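            $username = mysql_real_escape_string($username);
            $expansionnumber = (int)$expansionnumber; // numeric column: cast so it cannot carry SQL
            mysql_query("INSERT INTO account (username,sha_pass_hash,expansion) VALUES
('$username','$password','$expansionnumber')");
            if (mysql_error($new_connect))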
                echo mysql_errno($new_connect) . ": " . mysql_error($new_connect). "\n";
            else
            {
                echo "Account created.";
                mysql_close($new_connect);
            }
        }
    }
    else
    {
        ?>
        <html>
        <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="POST">
        Username <input type="text" name="username">
        Password <input type="password" name="password">
        Expansion Selection<select name="expansion">
            <option value="1">Vanilla</option>
            <option value="2">TBC</option>
            <option value="3">WotLK</option>
        </select>
        <input type="submit" name="registration">
        </form>
        </html>
        <?php
    }
}
else
    echo "Config file either not present or connection variables are empty";
?>

Top honor:

<?php

include ("config.php");

$connect = mysql_connect($host,$user,$pass) OR DIE("'Can't connect with $host"); 
mysql_select_db($characters,$connect) or die(mysql_error()); 

$result = mysql_query("SELECT * FROM `characters` ORDER BY `totalKills` DESC LIMIT 0 , 100 ");  

?>
<font color=#000000>
    <table align=center cellpadding="0" cellspacing="0"  border="1" width=100%>
    <thead>
        <td width="4%"><center>Nº</center></td>
        <td width="16%"><center>Character Name</center></td>
        <td width="4%"><center>level</center></td>
        <td width="5%"><center>Honor</center></td>
        <td width="4%"><center>Kills</center></td>
    </thead>
    <tbody>
                
<?php

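$i = 0; // rank counter
while($rows = mysql_fetch_object($result)) 
{ 
 $i++; 
 $name = htmlspecialchars($rows->name, ENT_QUOTES); // escape before printing into HTML
 $level = (int)$rows->level;  
 $Total_Kills = (int)$rows->totalKills;
 $Total_Honor = (int)$rows->totalHonorPoints;
 
    echo " 
 <tr>
 <td><center>",$i,"</center></td>
 <td><i>",$name,"</i></td>
 <td><center>",$level,"</center></td>
 <td><center>",$Total_Honor,"</center></td>
 <td><center>",$Total_Kills,"</center></td>
 </tr>"; 
} 

    echo "</tbody></table></font>"; // close the markup opened above
    mysql_close($connect); // close the connection handle, not the database name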
?>

Arena Top:

<html>
<head>
<title>Top Arena</title>
<style>
body
{
    background: #000000;
    color: #8f7e4b;
    font: 10pt tahoma, verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;
    margin: 0px 0px 0px 0px;
    padding: 0px;
    text-align: center;
}
a:link
{
    color: #d4c8a2;
    text-decoration: none;
}
a:visited
{
    color: #d4c8a2;
    text-decoration: none;
}
a:hover, a:active
{
    color: #FFFFFF;
    text-decoration: none;
}
</style>
</head>
<body>

<?php
include ("config.php");

$j=1;
        $teamType = array(
                '2' => '2x2',
                '3' => '3x3',
                '5' => '5x5'
                );
                
$connect = mysql_connect($host,$user,$pass) OR DIE("'Can't connect with $host"); 
mysql_select_db($characters,$connect) or die(mysql_error()); 
mysql_query("SET NAMES '$cod'"); 

if(!isset($_GET['guid'])){

$sql = mysql_query("SELECT * FROM `arena_team` ORDER by `name`");

echo "<center><table border=1 width=70%>
<tr>
<td>Team Name</td>
<td align=center>Command Type</td>
<td align=center><center>Team Leader</center></td>
<td>Faction</td>
<td align=center>Rating</td>

</tr>";
while ($row = mysql_fetch_array($sql)){
$query_num = mysql_query("SELECT COUNT(*) FROM `arena_team_member` WHERE `arenateamid`='$row[arenateamid]'");
$gleader = "SELECT name,race FROM `characters` WHERE `guid`='$row[captainguid]'";
$myrow = mysql_fetch_array(mysql_query($gleader));
$top = mysql_query("SELECT * FROM `arena_team_stats` WHERE `arenateamid`='$row[arenateamid]'");
$toprow = mysql_fetch_array($top);

if($myrow['race']=="1" or $myrow['race']=="3" or $myrow['race']=="4" or $myrow['race']=="7" or  $myrow['race']=="11"){
    
    $faction = "alliance";
    }else{
    $faction = "horde";}



echo "
<tr>
<td >
<p style='padding-left: 5px'><a href='?guid=".$row['arenateamid']."' >".htmlspecialchars($row['name'], ENT_QUOTES)."</a></p>
</td>
<td  align=center><center>".$teamType[$row['type']]."</center></td>

<td><a href=".$wowd."/index.php?player=".$row['captainguid'].">".htmlspecialchars($myrow['name'], ENT_QUOTES)."</a></td>
<td align=center><center><img src=images/".$faction.".gif title=".$faction."></center></td>
<td align=right><p style='padding-right: 8px'>".$toprow['rating']."</p></td></tr>";

}
echo "</table></center><br><br>";
}

if (!empty($_GET['guid'])) { 

// Cast to int once; the id is interpolated into every query below
$teamid = (int)$_GET['guid'];
$name = "SELECT * FROM `arena_team` WHERE `arenateamid`='$teamid'";
$nrow = mysql_fetch_array(mysql_query($name));
$top = "SELECT * FROM `arena_team_stats` WHERE `arenateamid`='$teamid'";
$trow = mysql_fetch_array(mysql_query($top));
$member = "SELECT * FROM `arena_team_member` WHERE `arenateamid`='$teamid'";
$mrow = mysql_fetch_array(mysql_query($member));

$sql = mysql_query("SELECT * FROM `characters`, `arena_team_member` WHERE `characters`.`guid`=`arena_team_member`.`guid` and `arenateamid` = '$teamid' ");
$row = mysql_fetch_array($sql);
$data = explode(' ',$row['data']);
$lvl = $data[$ver];    
$gender = dechex($data[36]);
$gender = str_pad($gender,8, '0', STR_PAD_LEFT);
$gender = $gender[3];
$guid = $row['guid'];
$race = $row['race'];
$class = $row['class'];
$online = $row['online'];
$j=1;

echo "<center>
<table border=0 width=60%>
<tr>
<td>
<table border=1 width=100%>
<tr><td>Team Name</td><td  >".$nrow['name']."</td></tr>
<tr><td>Rating</td><td  >".$trow['rating']."</td></tr>
<tr><td>Command Type</td><td  >".$teamType[$nrow['type']]."</td></tr>
<tr><td colspan=2 >Statistics of the Week</td></tr>
<tr><td>Played: ".$trow['games']."</td><td  >Won: ".$trow['wins']."</td></tr>
<tr><td colspan=2 >Stats</td></tr>
<tr><td>Played: ".$trow['played']."</td><td  >Won: ".$trow['wins2']."</td></tr>


</table>
";

echo "<table border=1 width=100%>
<tr>
<td align=center>#</td>
<td align=center>Nombre del Jugador</td>
<td align=center>lvl</td>
<td align=center>Raza</td>
<td align=center>Clase</td>
<td align=center>Game of the Week</td>
<td align=center>Won week</td>
<td align=center>Games for the season</td>
<td align=center>Won season</td>
<td align=center>Personal rating</td>
<td align=center>Online</td>
</tr>
";

echo "<tr>
<td valign=center width=3%>$j</td>
<td align=center valign=center width=20%><a href='/wow/wowd/?player=".$guid."' style='color: #ff9900; font-family : Geneva; text-decoration : none;'>".htmlspecialchars($row['name'], ENT_QUOTES)."</a></td>
<td width=20 align=center valign=center>$lvl</td>
<td align=center valign=center width=7%><img src=images/race/".$race."-".$gender.".gif></td>
<td align=center valign=center width=7%><img src=images/class/$class.gif></td>
<td align=center width=20%>".$mrow['played_week']."</td>
<td valign=center width=20%>".$mrow['wons_week']."</td>
<td valign=center width=10%>".$mrow['played_season']."</td>
<td valign=center width=10%>".$mrow['wons_season']."</td>
<td valign=center width=10%>".$mrow['personal_rating']."</td>
<td valign=center width=10%><center><img src='images/status/".$online.".gif' height='18' width='18'></center></td>
</tr>
";


echo "</table></td></tr></table></center><br><br><br>";

echo "<table border=1><tr><td><a href='index.php'>Index</a></td></tr></table>";
} 

?>

</body>
</html>

Uptime Server:

<?php
require_once ( 'config.php');

mysql_connect($host, $user, $pass) or die ("Can't connect with $host");
mysql_selectdb ("$auth");

$sql = mysql_query ("SELECT * FROM $auth.`uptime` ORDER BY `starttime` DESC LIMIT 1");  
$uptime_results = mysql_fetch_array($sql);    

if ($uptime_results['uptime'] > 86400) { 
    $uptime =  round(($uptime_results['uptime'] / 24 / 60 / 60),2)." Days";
}
elseif($uptime_results['uptime'] > 3600) { 
    $uptime =  round(($uptime_results['uptime'] / 60 / 60),2)." Hours";
}
else { 
    $uptime =  round(($uptime_results['uptime'] / 60),2)." Min";
}

echo "Uptime:$uptime <br>";
?>

Recover Password:

<?php
/*
Very important! You need to run SQL update!
ALTER TABLE `account` ADD `reset_password` VARCHAR( 50 ) NOT NULL;
*/
/*Config*/
require_once ( 'config.php');
$conn = mysql_connect($host, $user, $pass) or die('Connection failed: ' . mysql_error());
$config = array(
'path_to_thisfile' => 'http://www.fantasywow.es/lol/ownage/wow/pass_recovery.php', // Example: http://mysite.com/lol/ownage/wow/
'email_from' => 'webmaster@fantasywow.es', // Who should the email be sent from ?
'email_subject' => 'Recupera tu contraseña!', // Subject of the mail ??
);



function sha_password($user,$pass){
$user = strtoupper($user);
$pass = strtoupper($pass);

return SHA1($user.':'.$pass);
}
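function random_string($counts){
// rand() is predictable, so the reset token and the temporary password are
// drawn from the OS CSPRNG instead (needs the openssl extension)
$bytes = openssl_random_pseudo_bytes($counts);
$str = "abcdefghijklmnopqrstuvwxyz";//Count 0-25
$output = '';
for($i=0;$i<$counts;$i++){
$b = ord($bytes[$i]);
// alternate letter, digit, letter, ... as before
$output .= ($i % 2 == 1) ? $b % 10 : $str[$b % 26];
}
return $output;
}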


// config.php defines $host, $user, $pass and $auth; no $realmd array exists in this file
$realmd_bc_new_connect = mysql_connect($host,$user,$pass);
$selectdb = mysql_select_db($auth,$realmd_bc_new_connect);

if (isset($_GET['h']) && $_GET['h'] != '' && $_GET['h'] != '0'){
$h = mysql_real_escape_string($_GET['h']); // escape the token before it reaches SQL
$output_random_pass = random_string(10);
$query = mysql_query("SELECT username FROM `account` WHERE reset_password='$h'");
$res = mysql_fetch_array($query);
if (mysql_num_rows($query) == 1){
echo "Hi $res[username], Your password is: $output_random_pass. Please change your password fast as possible.";
$pass_hash = sha_password($res['username'],$output_random_pass);
mysql_query("UPDATE `account` SET sha_pass_hash='$pass_hash' WHERE reset_password='$h'");
mysql_query("UPDATE `account` SET reset_password='' WHERE username='" . mysql_real_escape_string($res['username']) . "'");
}else{
echo "Error.";
}

}else{
?>

<?php
//this is where user fill in and send by email
if (isset($_POST['password_takeback'])){
// Escape both fields before they reach SQL
$username = mysql_real_escape_string(isset($_POST['username']) ? $_POST['username'] : '');
$email = mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : '');
$check_security = mysql_query("SELECT id FROM `account` WHERE username='$username' AND email='$email'");
if (isset($_POST['username']) && isset($_POST['email']) && mysql_num_rows($check_security) == 1){
 $rand = random_string(40);
mysql_query("UPDATE `account` SET reset_password='$rand' WHERE username='$username'");
$to = $_POST["email"];
$from = "From: $config[email_from]";
$subject = $config['email_subject'];
$message= "Hi $_POST[username], you have submitted a password recovery on our site. IF YOU DIDNT SUBMIT A PASSWORD REQUEST JUST DELETE THIS MAIL!. Please follow this link to complete the operation: $config[path_to_thisfile]?h=$rand";
mail($to, $subject, $message, $from); // This work if you have configured your php.ini file to send email, !on linux its default.
echo "An Email has been sent to you, please follow the email to complete the process.";
}else{
echo "Incorrect details, Please be sure that you submitted right Email and Username to your account";
}
}else{
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
  Tu Email: 
    <input type="text" name="email">

Tu Usuario: 
<input type="text" name="username">

<input name="password_takeback" type="submit" value="Recuperar Contraseña">
</form>
<?php
}
}// End GET
?>

2c2:

<?php
// MySQL
// Add the desired background
echo "<body background='./imagenes/fondo.jpg' text='white'>";


$WoWHostname = ""; // MySQL server address
$WoWUsername = ""; // MySQL username
$WoWPassword = ""; // MySQL password
$CharacterDatabase = ''; // TC characters database
$RealmDatabase = ''; // TC realmd database
$WorldDatabase = ''; // TC world database
$CharacterDatabaseEncoding = 'utf8'; // database character encoding

/*

*/
// DO NOT EDIT BELOW HERE IF YOU DON'T KNOW WHAT IT IS!!!
$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ' . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ' . mysql_error());

$sql = "SELECT * FROM `characters` WHERE `online` = 1 ORDER BY `name`";
$result = mysql_query($sql, $WoWconn) or die('Query failed: ' . mysql_error());

$count = 0;
?>

<?php
// Part 5
	$link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword);
	$db_selected = mysql_select_db($CharacterDatabase, $link);

	$sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '2' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; // 2v2 arena ranking query (top 30, per the LIMIT)

	$result = mysql_query($sql);

	if (!$result) {
	   die('Invalid query: ' . mysql_error()); // on error...
	}

	mysql_close($link); // Close the connection used for the 2v2 ranking query

	$row = mysql_fetch_row($result);
	$i=1;
	
	echo "<br><br><br>";
	echo "<h2>Rankin 2c2</h2>";
	echo "<br>";
	echo "<table border=0><tr><td>";
	echo "<h4>Nombre del grupo</h4></td><td><h4>Puntos de grupo</h4></td></tr>";
	while ($row != NULL) // If there is a result => proceed / no result => nothing
	{
		echo "<tr><td>";
		echo htmlspecialchars($row[0], ENT_QUOTES); // team names are player-chosen: escape before output
		echo "</td><td>";
		echo $row[3];
		echo "</td></tr>";
			$row = mysql_fetch_row($result);
	}
	echo "</table>";

// End of part 5
// Works: 
?>

3c3:

<?php
// MySQL
// Add the desired background
echo "<body background='./imagenes/fondo.jpg' text='white'>";

$WoWHostname = ""; // MySQL server address
$WoWUsername = ""; // MySQL username
$WoWPassword = ""; // MySQL password
$CharacterDatabase = ''; // TC characters database
$RealmDatabase = ''; // TC realmd database
$WorldDatabase = ''; // TC world database
$CharacterDatabaseEncoding = 'utf8'; // database character encoding

/*

*/
// DO NOT EDIT BELOW HERE IF YOU DON'T KNOW WHAT IT IS!!!
$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ' . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ' . mysql_error());

$sql = "SELECT * FROM `characters` WHERE `online` = 1 ORDER BY `name`";
$result = mysql_query($sql, $WoWconn) or die('Query failed: ' . mysql_error());

$count = 0;
?>

<?php
// Part 5
	$link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword);
	$db_selected = mysql_select_db($CharacterDatabase, $link);

	$sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '3' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; // 3v3 arena ranking query (top 30, per the LIMIT)

	$result = mysql_query($sql);

	if (!$result) {
	   die('Invalid query: ' . mysql_error()); // on error...
	}

	mysql_close($link); // Close the connection used for the 3v3 ranking query

	$row = mysql_fetch_row($result);
	$i=1;
	
	echo "<br><br><br>";
	echo "<h2>Rankin 3c3</h2>";
	echo "<br>";
	echo "<table border=0><tr><td>";
	echo "<h4>Nombre del grupo</h4></td><td><h4>Puntos de grupo</h4></td></tr>";
	while ($row != NULL) // If there is a result => proceed / no result => nothing
	{
		echo "<tr><td>";
		echo htmlspecialchars($row[0], ENT_QUOTES); // team names are player-chosen: escape before output
		echo "</td><td>";
		echo $row[3];
		echo "</td></tr>";
			$row = mysql_fetch_row($result);
	}
	echo "</table>";

// End of part 5
// Works: 
?>

5c5:

<?php
// MySQL
// Add the desired background
echo "<body background='./imagenes/fondo.jpg' text='white'>";


$WoWHostname = ""; // MySQL server address
$WoWUsername = ""; // MySQL username
$WoWPassword = ""; // MySQL password
$CharacterDatabase = ''; // TC characters database
$RealmDatabase = ''; // TC realmd database
$WorldDatabase = ''; // TC world database
$CharacterDatabaseEncoding = 'utf8'; // database character encoding

/*

*/
// DO NOT EDIT BELOW HERE IF YOU DON'T KNOW WHAT IT IS!!!
$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ' . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ' . mysql_error());

$sql = "SELECT * FROM `characters` WHERE `online` = 1 ORDER BY `name`";
$result = mysql_query($sql, $WoWconn) or die('Query failed: ' . mysql_error());

$count = 0;
?>

<?php
// Part 5
	$link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword);
	$db_selected = mysql_select_db($CharacterDatabase, $link);

	$sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '5' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; // 5v5 arena ranking query (top 30, per the LIMIT)

	$result = mysql_query($sql);

	if (!$result) {
	   die('Invalid query: ' . mysql_error()); // on error...
	}

	mysql_close($link); // Close the connection used for the 5v5 ranking query

	$row = mysql_fetch_row($result);
	$i=1;
	
	echo "<br><br><br>";
	echo "<h2>Rankin 5c5</h2>";
	echo "<br>";
	echo "<table border=0><tr><td>";
	echo "<h4>Nombre del grupo</h4></td><td><h4>Puntos de grupo</h4></td></tr>";
	while ($row != NULL) // If there is a result => proceed / no result => nothing
	{
		echo "<tr><td>";
		echo htmlspecialchars($row[0], ENT_QUOTES); // team names are player-chosen: escape before output
		echo "</td><td>";
		echo $row[3];
		echo "</td></tr>";
			$row = mysql_fetch_row($result);
	}
	echo "</table>";

// End of part 5
// Works: 
?>
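
The Recover Password script in the post above stores the reset token in plain text, never expires it and builds its queries from request data. The following is an added example, not code from the original post, showing the same two-step flow with a CSPRNG token stored only as a hash, an expiry, single use and bound parameters. It assumes PHP 7+ with PDO, uses an in-memory SQLite database as a stand-in for the MySQL auth database, and the `reset_token_hash` and `reset_expires` columns are hypothetical.

```php
<?php
// Added example, not code from this thread. Needs PHP 7+ for random_bytes().
// Assumptions: SQLite in memory stands in for the MySQL auth database, and the
// reset_token_hash / reset_expires columns are hypothetical replacements for
// the thread's single reset_password column.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE account (
    username TEXT UNIQUE, email TEXT, sha_pass_hash TEXT,
    reset_token_hash TEXT, reset_expires INTEGER)");
// Constructed account row.
$pdo->exec("INSERT INTO account (username, email, sha_pass_hash)
            VALUES ('THRALL', 'thrall@example.org', 'placeholder')");

// Same hash format as the thread's sha_password()
function sha_password($user, $pass)
{
    return sha1(strtoupper($user) . ':' . strtoupper($pass));
}

// Step 1: returns the token to put in the e-mailed link, or null when
// username and e-mail do not match an account.
function request_reset(PDO $pdo, $username, $email, $now, $ttl = 3600)
{
    if (!is_string($username) || !is_string($email) || $email === '') {
        return null;                             // accounts without an e-mail cannot reset
    }
    $token = bin2hex(random_bytes(20));          // 40 hex chars from the OS CSPRNG
    $upd = $pdo->prepare('UPDATE account SET reset_token_hash = ?, reset_expires = ?
                          WHERE username = ? AND email = ?');
    // Only a SHA-256 of the token is stored, so reading the table does not yield usable links.
    $upd->execute([hash('sha256', $token), $now + $ttl, $username, $email]);
    return $upd->rowCount() === 1 ? $token : null;
}

// Step 2: returns [username, temporary password], or null for an unknown,
// expired or already used token.
function redeem_reset(PDO $pdo, $token, $now)
{
    if (!is_string($token) || !preg_match('/^[0-9a-f]{40}$/', $token)) {
        return null;
    }
    $pdo->beginTransaction();
    $q = $pdo->prepare('SELECT username FROM account
                        WHERE reset_token_hash = ? AND reset_expires >= ?');
    $q->execute([hash('sha256', $token), $now]);
    $username = $q->fetchColumn();
    $q->closeCursor();
    if ($username === false) {
        $pdo->rollBack();
        return null;
    }
    $newPass = bin2hex(random_bytes(8));         // letters and digits only
    $upd = $pdo->prepare('UPDATE account SET sha_pass_hash = ?, reset_token_hash = NULL,
                          reset_expires = NULL WHERE username = ?');
    $upd->execute([sha_password($username, $newPass), $username]);
    $pdo->commit();
    return [$username, $newPass];
}

// Constructed walk-through of the flow.
$now = time();
$cases = [];
$cases['request with wrong e-mail'] =
    request_reset($pdo, 'THRALL', 'wrong@example.org', $now) === null ? 'refused' : 'token issued';
$token = request_reset($pdo, 'THRALL', 'thrall@example.org', $now);
$cases['first use of token'] =
    redeem_reset($pdo, $token, $now + 60) !== null ? 'password reset' : 'refused';
$cases['second use of token'] =
    redeem_reset($pdo, $token, $now + 120) !== null ? 'password reset' : 'refused';
$late = request_reset($pdo, 'THRALL', 'thrall@example.org', $now);
$cases['token used after expiry'] =
    redeem_reset($pdo, $late, $now + 7200) !== null ? 'password reset' : 'refused';
foreach ($cases as $label => $outcome) {
    echo $label, ': ', $outcome, "\n";
}
```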
  • 2 weeks later...
Posted

$characters = ""; //where your wow characters database is, most likely characters or char
$auth = ""; //where your wow accounts database is, most likely auth
'db_name_realm'=> 'realmd', //looks like your wow accounts database.., again most like auth

Posted

Here is my edited registration script

additions:

* added email and passwords checks

* changed position, aligned it to center

* moved config array to config.php

* solved nasty thing, when on successful registration page returns 0:

* added another security from sql injections (it has two security checks)

config.php

<?php
$server_ip = "127.0.0.1";	// Server ip
$port = "3306";				// Mysql port
$host = "127.0.0.1";		// Mysql host
$user = "user";				// Mysql username
$pass = "paswd";			// Mysql password
$characters = "characters_db"; // Characters database
$auth = "auth_db";			// Auth/realm server
$server_name = "WoW private server";
?>

register.php

<?php
require_once('config.php');
function check_for_symbols($string)
{
    $len=strlen($string);
    $allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    for($i=0;$i<$len;$i++)if(!strstr($allowed_chars,$string[$i]))
        return TRUE;
    return FALSE;
}

function sha_password($user,$pass)
{
    $user = strtoupper($user);
    $pass = strtoupper($pass);
    return SHA1($user.':'.$pass);
}

if ($host != "" && $user != "" && $pass != "" && $auth != "")
{
    $new_connect = mysql_connect($host,$user,$pass);
    if ($new_connect)
        $selectdb = mysql_select_db($auth,$new_connect);
    else
    {
        echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect";
        die;
    }

    if ($new_connect && !$selectdb)
    {
        echo "Could NOT connect to db: Database does not exist!";
        die; 
    }

    if (isset($_POST['registration']))
    {
		// Main functions
        $username = $_POST['username'];
        $password = sha_password($username,$_POST['password']);
	$password2 = sha_password($username,$_POST['password2']);
        $expansionnumber = $_POST['expansion'];
	$email = $_POST['email'];

		// Existing data checks to avoid duplicate accounts or other errors
		// (escaped here because these lookups run before any validation)
        $check_username = mysql_query("SELECT `username` FROM `account` WHERE username='" . mysql_real_escape_string($username) . "'");
		$check_email = mysql_query("SELECT `email` FROM `account` WHERE `email`='" . mysql_real_escape_string($email) . "'");
		
		// Main checks
        if ($username == "")
        {
            echo "Field username is empty!";
        }
        else if ($_POST['password'] == "") // $password is a SHA1 hash and is never empty
        {
            echo "Field password is empty!";
        }
	else if ($email == "")
	{
	    echo "Field email is empty!";
	}
	else if (mysql_num_rows($check_email) != NULL)
	{
	    echo "Email is already used";
	}
        else if (check_for_symbols($_POST['password']) == TRUE)
        {
            echo "Error with creating account: password has invalid symbols in it.";
        }
        else if (check_for_symbols($username) == TRUE)
        {
            echo "Error with creating account: username has invalid symbols in it.";
        }
        else if (mysql_num_rows($check_username) != NULL)
        {
            echo "Error with creating account: name is already in use.";
        }
	else if ($password != $password2)
	{
	    echo "Passwords not matches!";
	}
        else
        {
            $username = mysql_real_escape_string($username);
	    $password = mysql_real_escape_string($password);
	    $expansionnumber = mysql_real_escape_string($expansionnumber); // adding it anyway
	    $email = mysql_real_escape_string($email);
            mysql_query("INSERT INTO account (username, sha_pass_hash, expansion, email) VALUES ('$username','$password','$expansionnumber','$email')");
			echo "Account created.";
        }
    }
	else
	{
	?>
        <html>
		<head>
		<?php echo "<title>$server_name</title>"; ?>
		</head>
		<body>
		<center>
		<big>Registration</big>
        <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="POST">
		<table border="0" width="290px">
			<tr>
				<td>Username</td>
				<td><input type="text" name="username"/></td>
			</tr>
			<tr>
				<td>Password</td>
				<td><input type="password" name="password"/></td>
			</tr>
			<tr>
				<td>Retype Password</td>
				<td><input type="password" name="password2"/></td>
			</tr>
			<tr>
				<td>Email</td>
				<td><input type="email" name="email"/></td>
			</tr>
		</table>
			Expansion Selection
				<select name="expansion">
					<option value="0">Classic</option>
					<option value="1">The Burning Crusade</option>
					<option value="2">Wrath of the Lich King</option>
					<option value="3">Cataclysm</option>
				</select><br />
				<input alt="Register" type="submit" name="registration"/>
        </form>
		</center>
		</body>
        </html>
	<?php
	}
}
?>
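
The registration script above escapes its values only just before the INSERT, after the two lookup queries have already run. The following is an added example, not code from the original post, that validates first and then uses bound parameters for every query. It assumes PHP 7+ with PDO and an in-memory SQLite database as a stand-in for the MySQL auth database; the 32-character username limit is an assumed value, and the sample requests are constructed.

```php
<?php
// Added example, not code from this thread.
// Assumption: SQLite in memory stands in for the MySQL auth database so the
// script runs offline; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE account (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, sha_pass_hash TEXT,
    expansion INTEGER, email TEXT UNIQUE)");

// Same hash format as the thread's sha_password()
function sha_password($user, $pass)
{
    return sha1(strtoupper($user) . ':' . strtoupper($pass));
}

// Returns an array of error strings; empty means the account was created.
// $in is the raw request array (what $_POST would hold).
function register_account(PDO $pdo, array $in)
{
    $get = function ($key) use ($in) {
        return (isset($in[$key]) && is_string($in[$key])) ? $in[$key] : '';
    };
    $username  = $get('username');
    $password  = $get('password');
    $password2 = $get('password2');
    $email     = $get('email');
    $expansion = $get('expansion');

    // 1. Validate the raw input before any query runs.
    $err = [];
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $username)) {    // 32 is an assumed limit
        $err[] = 'Username must be 1-32 letters or digits.';
    }
    if ($password === '') {
        $err[] = 'Field password is empty!';
    } elseif ($password !== $password2) {                      // compare raw input, not hashes
        $err[] = 'Passwords do not match.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $err[] = 'Email address is not valid.';
    }
    if (!in_array($expansion, ['0', '1', '2', '3'], true)) {   // values from the form's <select>
        $err[] = 'Unknown expansion.';
    }
    if ($err) {
        return $err;
    }

    // 2. Uniqueness lookup with bound parameters: the values never become SQL text.
    $q = $pdo->prepare('SELECT username, email FROM account WHERE username = ? OR email = ?');
    $q->execute([$username, $email]);
    foreach ($q->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (strcasecmp($row['username'], $username) === 0) { $err[] = 'Name is already in use.'; }
        if (strcasecmp($row['email'], $email) === 0)       { $err[] = 'Email is already used.'; }
    }
    if ($err) {
        return $err;
    }

    // 3. Insert, again with bound parameters.
    $ins = $pdo->prepare(
        'INSERT INTO account (username, sha_pass_hash, expansion, email) VALUES (?, ?, ?, ?)');
    $ins->execute([$username, sha_password($username, $password), (int)$expansion, $email]);
    return [];
}

// Constructed sample requests.
$ok = ['username' => 'Thrall', 'password' => 's3cret', 'password2' => 's3cret',
       'email' => "o'brien@example.org", 'expansion' => '2'];
$samples = [
    'valid, e-mail contains a quote'  => $ok,
    'same request again'              => $ok,
    'quote in username'               => ['username' => "Thr'all"] + $ok,
    'expansion is not a listed value' => ['expansion' => '2x'] + $ok,
];
foreach ($samples as $label => $request) {
    $errors = register_account($pdo, $request);
    echo $label, ': ', $errors ? implode(' | ', $errors) : 'Account created.', "\n";
}
```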
  • 4 months later...
  • 2 weeks later...
Posted

function check_for_symbols($string)
{
$len=strlen($string);
$allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for($i=0;$i<$len;$i++)if(!strstr($allowed_chars,$string[$i]))
return TRUE;
return FALSE;
}
to:

function check_for_symbols($string)
{
    // TRUE when the string contains anything outside A-Z, a-z, 0-9 (same contract as the original)
    if(preg_replace("([^A-Za-z0-9])", "", $string) != $string)
        return true;
    return false;
}

function sha_password($user,$pass)
{
$user = strtoupper($user);
$pass = strtoupper($pass);
return SHA1($user.':'.$pass);
}
small clean up:

function sha_password($user,$pass)
 
{
    return sha1(strtoupper($user.':'.$pass));
}

if ($host != "" && $user != "" && $pass != "" && $auth != "")
to:

if(!empty($host) AND !empty($user) AND !empty($pass) AND !empty($auth))
<?php
$server_ip = "127.0.0.1"; // Server ip
to:

<?php
 
error_reporting(0);
$server_ip = "127.0.0.1"; // Server ip

    	if ($username == "")
    	{
        	echo "Field username is empty!";
    	}
    	else if ($password == "")
    	{
        	echo "Field password is empty!";
    	}
    	else if ($email == "")
    	{
        	echo "Field email is empty!";
    	}
    	else if (mysql_num_rows($check_email) != NULL)
    	{
        	echo "Email is already used";
    	}
    	else if (check_for_symbols($_POST[password]) == TRUE)
    	{
        	echo "Error with creating account: password has invalid symbols in it.";
    	}
    	else if (check_for_symbols($username) == TRUE)
    	{
        	echo "Error with creating account: username has invalid symbols in it.";
    	}
    	else if (mysql_num_rows($check_username) != NULL)
    	{
        	echo "Error with creating account: name is already in use.";
    	}
    	else if ($password != $password2)
    	{
        	echo "Passwords not matches!";
    	}
change to:

       if (empty($username))
        	$err[] = "Field username is empty!";
        if (empty($password) or empty($password2))
        	$err[] = "Field password is empty!";
        if (empty($email))
        	$err[] = "Field email is empty!";
        if (mysql_num_rows($check_email) /* not need 0 = false */ != NULL)
            $err[] = "Email is already used";
    	// Password can have all chars, in db is in sha1
    	//elseif (check_for_symbols($_POST[password]) == TRUE)
    	//{
    	//	echo "Error with creating account: password has invalid symbols in it.";
    	//}
        if (check_for_symbols($username) == TRUE)
        	$err[] = "Error with creating account: username has invalid symbols in it.";
        if (mysql_num_rows($check_username) != NULL)
        	$err[] = "Error with creating account: name is already in use.";
        if ($password != $password2)
        	$err[] = "Passwords not matches!";
    	if(isset($err) and is_array($err))
    	{
        	echo "<ul>";
        	foreach($err as $i => $var)
			{
            	echo "<li>{$var}</li>";
			}
        	echo "</ul>";
        	exit;
    	}

Code written quickly, not tested. Small clean-up.

  • 2 weeks later...
Posted

Why not just use

sha1(strtoupper($username . ":" . $_POST['password']));
instead of

function sha_password($user,$pass)
and not compare the new $password and $password2, but just $_POST['password'] and $_POST['password2']?
  • 4 weeks later...
Posted

error_reporting(0);
$server_ip = "127.0.0.1"; // Server ip
This is a bad idea... all errors or warnings are important; for example, it is similar to driving with a broken car.

In PHP, the and and or operators have equivalent symbols:

and = &&

or = ||
  • 2 weeks later...
  • 6 months later...
Posted

And for login? :) Someone can share a login script for both WOTLK and Cataclysm (I mean for expansion 2 and 3). Thank you. For Login script you just need to connect to auth, right? Who can help me?
