Jump to content
MakeWebGames

Need help!!


TheMafia!
 Share

Recommended Posts

ok, i have a validation script but i need help ,

every thing works on the script but when i register an account and go to my hotmail to confirm it, it says you have activated you account but when i login with the password that i used it dont let me login ,

here is the validate scrpit

<?php
session_start();
require "mysql.php";
global $c;
if ( $_GET['act'] == 'val')
{
$q=mysql_query("SELECT * FROM validating WHERE vdID='{$_GET['token']}'", $c);
if (!mysql_num_rows($q))
{
die("Invalid account");
}
$r=mysql_fetch_array($q);
$password = strip_tags($_POST['vdPASSW']);
$password=md5($password);
$username=($r['vdUSERN']);
$email=($r['vdEMAIL']);
$money=($r['vdMONEY']);
mysql_query("INSERT INTO users (userid, username, login_name, userpass, level, money, 
   goldbars, donatordays, user_level, energy, maxenergy, will, maxwill, brave, 
   maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, 
   Steps) VALUES('', '{$username}', '{$username}', md5('{$_POST['password']}'), 1, 
   100, 0, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, 'Male', unix_timestamp(), 
   '{$email}', -1, 10)", $c);
      $i=mysql_insert_id($c);

      mysql_query("INSERT INTO userstats VALUES($i,10,10,10,10,10,10)",$c); 
mysql_query("DELETE FROM validating WHERE vdID='{$_GET['token']}'", $c);
print "Account validated!

[url='login.php']> Login[/url]";
}
else
{
mysql_query("DELETE FROM validating WHERE vdID='{$_GET['token']}'", $c);
print "Registration Cancelled.";
}
?>

 

does any one know how to fix this so i can login with the password that i used

Link to comment
Share on other sites

Re: Need help!!

You have far bigger problems than that. You have completely opened the door to sql injection there TheMafia...

There's tons of posts about securing that sort of thing, so I'll leave it to you to search for mysql_real_escape_string in the forum and the php site.

$q=mysql_query("SELECT * FROM validating WHERE vdID='{$_GET['token']}'", $c);

Is one of the lines susceptible to the inject. Wide open....

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...