CoRnNuB Posted August 30, 2010 Share Posted August 30, 2010 i found this register.php on here but its not working ive changed it form v1 to v2 can some one tell me were i went wrong <?php session_start(); print "<html> <head> <title>Aimed-Mafia</title> <style> body { font-family:Verdana;font-size:9pt;color: #777777; background-color:#222222; scrollbar-base-color: #005B70; scrollbar-arrow-color: #F3960B; scrollbar-DarkShadow-Color: #000000; } a:visited,a:active,a:hover,a:link { color: #999999;text-decoration: none; } table,tr,td { font-size:9pt; } img { border:none; } input, textbox { font-family: Kristen ITC; font-size: 11; background-color: #c0c0c0; border: 1px solid purple; padding-bottom: 3px; } table { border: red; background: #222222; position: center; padding: 5; } </style> </head> <body><center>[img=http://i201.photobucket.com/albums/aa73/aimed_mafia/aimed-mafia-2.jpg]</center> "; $ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if(file_exists('ipbans/'.$ip)) { die("[b]<font color=red size=+1>Your IP has been banned, there is no way around this.</font>[/b]</body></html>"); } require "$db->.php"; global $c; if($_POST['username']) { $sm=100; if($_POST['promo'] == "Your Promo Code Here") { $sm+=100; } $username=$_POST['username']; $username=str_replace(array("<", ">"), array("<", ">"), $username); $q=mysql_query("SELECT * FROM users WHERE username='{$username}'",$c); if(mysql_num_rows($q)) { print "Username already in use. Choose another."; } else if($_POST['password'] != $_POST['cpassword']) { print "The passwords did not match, go back and try again."; } else { $_POST['ref'] = abs((int) $_POST['ref']); $ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; $q=mysql_query("SELECT * FROM users WHERE lastip='$ip' AND userid={$_POST['ref']}",$c); if(mysql_num_rows($q)) { die("No creating referral multies. Bad dog."); } if($_POST['ref']) { $q=mysql_query("SELECT * FROM users WHERE userid={$_POST['ref']}",$c); $r=mysql_fetch_row($q); } mysql_query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip) VALUES( '{$username}', '{$username}', md5('{$_POST['password']}'), 1, $sm, 0, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, 'Male', unix_timestamp(), '{$_POST['email']}', -1, '$ip')", $c); $i=mysql_insert_id($c); mysql_query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)", $c); if($_POST['ref']) { require "global_func.php"; mysql_query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}",$c); event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c); mysql_query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$ip')", $c); } print "<center>You Have Now Signed Up To Aimed-Mafia. > [url='Ruless.php']Rules [Please Read First Then You May Login][/url]"; } } else { print "<center><h3>Aimed-Mafia Registration</h3></center>"; print "<center><table border='2' cellpadding='3' cellspacing='3' width='60%'> </tr><tr><td><form action=register.php method=post>Username:</td><td> <input type=text name=username> <center><abbrv title='Make Sure You Remember This, You Will Need This To Logg In To Aimed-Mafia'>{?}</abbrv></center></td> </tr><tr><td>Password: </td><td><input type=password name=password> <center><abbrv title='You Need To Remember This And Dont Give It To Anyone REMEBER: Staff Will Never Ask For Your Password'>{?}</abbrv></center></td> </tr><tr><td>Confirm Password:</td><td> <input type=password name=cpassword> <center><abbrv title='Please Re-Write Your Password You Entered Above'>{?}</abbrv></center></td> </tr><tr><td>Email:</td><td> <input type=text name=email> <center><abbrv title='Just Incase We Need To Contact You REMEBER: We Will Never Re-Sale Your E-mail'>{?}</abbrv></center></td> </tr><tr><td>Promo Code:</td><td> <input type=text name=promo> <center><abbrv title='If Unknown Please Leave Blank'>{?}</abbrv></center></td></table></center> <input type=hidden name=ref value='"; if($_GET['REF']) { print $_GET['REF']; } print "'> <center><input type=submit value=Join></form> > [url='login.php']Go Back[/url]</center>"; } print "</body></html>"; ?> i keep getting thses errorsWarning: require(->.php) [function.require]: failed to open stream: No such file or directory in /home/streets1/public_html/register.php on line 41 Fatal error: require() [function.require]: Failed opening required '->.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/streets1/public_html/register.php on line 41 Quote Link to comment Share on other sites More sharing options...
danger boy Posted August 30, 2010 Share Posted August 30, 2010 The error is saying there is no such file on line 41 which is "$db->.php" Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted August 30, 2010 Author Share Posted August 30, 2010 well i was given a link to convert it from V1 to V2 have i made a mistake tha someone could help me with Quote Link to comment Share on other sites More sharing options...
Djkanna Posted August 30, 2010 Share Posted August 30, 2010 What you did is replaced every instance of mysql with $db->.. Which means require "mysql.php"; turned into require "$db->.php"; It's easy to do, even though with a register all you really need to do is alter the queries (I'm sure V2 has more things user based than V1/Lite do) The rest you can leave (of course get rid of the V1 mess at the top and replace with the v2 snippet). Quote Link to comment Share on other sites More sharing options...
Matthew Posted August 30, 2010 Share Posted August 30, 2010 Fixed it. <?php session_start(); print "<html> <head> <title>Aimed-Mafia</title> <style> body { font-family:Verdana;font-size:9pt;color: #777777; background-color:#222222; scrollbar-base-color: #005B70; scrollbar-arrow-color: #F3960B; scrollbar-DarkShadow-Color: #000000; } a:visited,a:active,a:hover,a:link { color: #999999;text-decoration: none; } table,tr,td { font-size:9pt; } img { border:none; } input, textbox { font-family: Kristen ITC; font-size: 11; background-color: #c0c0c0; border: 1px solid purple; padding-bottom: 3px; } table { border: red; background: #222222; position: center; padding: 5; } </style> </head> <body><center>[img=http://i201.photobucket.com/albums/aa73/aimed_mafia/aimed-mafia-2.jpg]</center> "; $ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if(file_exists('ipbans/'.$ip)) { die("[b]<font color=red size=+1>Your IP has been banned, there is no way around this.</font>[/b]</body></html>"); } require "global_func.php"; global $c; if($_POST['username']) { $sm=100; if($_POST['promo'] == "Your Promo Code Here") { $sm+=100; } $username=$_POST['username']; $username=str_replace(array("<", ">"), array("<", ">"), $username); $q=$db->query("SELECT * FROM users WHERE username='{$username}'",$c); if(mysql_num_rows($q)) { print "Username already in use. Choose another."; } else if($_POST['password'] != $_POST['cpassword']) { print "The passwords did not match, go back and try again."; } else { $_POST['ref'] = abs((int) $_POST['ref']); $ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; $q=$db->query("SELECT * FROM users WHERE lastip='$ip' AND userid={$_POST['ref']}",$c); if(mysql_num_rows($q)) { die("No creating referral multies. Bad dog."); } if($_POST['ref']) { $q=$db->query("SELECT * FROM users WHERE userid={$_POST['ref']}",$c); $r=$db->fetch_row($q); } $db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip) VALUES( '{$username}', '{$username}', md5('{$_POST['password']}'), 1, $sm, 0, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, 'Male', unix_timestamp(), '{$_POST['email']}', -1, '$ip')", $c); $i=mysql_insert_id($c); $db->query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)", $c); if($_POST['ref']) { require "global_func.php"; $db->query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}",$c); event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c); $db->query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$ip')", $c); } print "<center>You Have Now Signed Up To Aimed-Mafia. > [url='Ruless.php']Rules [Please Read First Then You May Login][/url]"; } } else { print "<center><h3>Aimed-Mafia Registration</h3></center>"; print "<center><table border='2' cellpadding='3' cellspacing='3' width='60%'> </tr><tr><td><form action=register.php method=post>Username:</td><td> <input type=text name=username> <center><abbrv title='Make Sure You Remember This, You Will Need This To Logg In To Aimed-Mafia'>{?}</abbrv></center></td> </tr><tr><td>Password: </td><td><input type=password name=password> <center><abbrv title='You Need To Remember This And Dont Give It To Anyone REMEBER: Staff Will Never Ask For Your Password'>{?}</abbrv></center></td> </tr><tr><td>Confirm Password:</td><td> <input type=password name=cpassword> <center><abbrv title='Please Re-Write Your Password You Entered Above'>{?}</abbrv></center></td> </tr><tr><td>Email:</td><td> <input type=text name=email> <center><abbrv title='Just Incase We Need To Contact You REMEBER: We Will Never Re-Sale Your E-mail'>{?}</abbrv></center></td> </tr><tr><td>Promo Code:</td><td> <input type=text name=promo> <center><abbrv title='If Unknown Please Leave Blank'>{?}</abbrv></center></td></table></center> <input type=hidden name=ref value='"; if($_GET['REF']) { print $_GET['REF']; } print "'> <center><input type=submit value=Join></form> > [url='login.php']Go Back[/url]</center>"; } print "</body></html>"; ?> Your line 41 prob was you didn't require global func so in this register on line 41 or whatever it is require "global_func.php"; not require "$db->.php"; of require "mysql.php"; but yah that should do it for yah! :P Quote Link to comment Share on other sites More sharing options...
Nicholas Posted August 30, 2010 Share Posted August 30, 2010 it might be fixed but thats not secure Mattrew there is 2 hacks i know that could work on this register.php page. 1. auto admin 2. register 10 million users in secounds. Quote Link to comment Share on other sites More sharing options...
Zeggy Posted August 30, 2010 Share Posted August 30, 2010 How do you register 10 million users in seconds? ._. Quote Link to comment Share on other sites More sharing options...
Equinox Posted August 30, 2010 Share Posted August 30, 2010 How do you register 10 million users in seconds? ._. This. I just wouldn't happen. The server would give up way before it hit 10 million, even if it didn't the lag would be huge and the bot couldn't do its job as the page isn't opening. Quote Link to comment Share on other sites More sharing options...
Dayo Posted August 30, 2010 Share Posted August 30, 2010 lol @ register 10 million users in secounds. so to upload the whole userbase of FB would take under 60 seconds? most servers in the world would struggle with 10 million p/second buy again if the game was hosted on servers like google im sure you could but then i doubt any game on here has that setup Quote Link to comment Share on other sites More sharing options...
Zeggy Posted August 30, 2010 Share Posted August 30, 2010 buy again if the game was hosted on servers like google im sure you could but then i doubt any game on here has that setup My game is hosted on google servers ;) I still don't think it can handle 10 million signups in just a few seconds. Besides, it would become very expensive for me. Edit: btw guys, I don't think nicholas meant the 10 mil literally :P Quote Link to comment Share on other sites More sharing options...
Matthew Posted August 30, 2010 Share Posted August 30, 2010 I know it is not secure. It is not my mod. I just made it work for him thats all. I didn't even pay attention to the security of it I needed to get to school!. Quote Link to comment Share on other sites More sharing options...
Nicholas Posted September 4, 2010 Share Posted September 4, 2010 buy again if the game was hosted on servers like google im sure you could but then i doubt any game on here has that setup My game is hosted on google servers ;) I still don't think it can handle 10 million signups in just a few seconds. Besides, it would become very expensive for me. Edit: btw guys, I don't think nicholas meant the 10 mil literally :P lol, nope didnt mean literally 10 million users in secounds but i can do good few hundred in few secounds. just saying. lol. best way to stop that mutliple accoumt sign-up hack is to use a capthca. and the auto admin thing is to change $ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; into $ip = $_SERVER['REMOTE_ADDR']; Quote Link to comment Share on other sites More sharing options...
Joshua Posted September 4, 2010 Share Posted September 4, 2010 And at the very least add $_GET['REF'] = abs((int) $_GET['REF'] Lets not forget about your $username variable which is highly unsecure, and / or your password variable of md5 encrytpion...eh.... I'msure i can find more >,< Quote Link to comment Share on other sites More sharing options...
Equinox Posted September 4, 2010 Share Posted September 4, 2010 And at the very least add $_GET['REF'] = abs((int) $_GET['REF'] Lets not forget about your $username variable which is highly unsecure, and / or your password variable of md5 encrytpion...eh.... I'msure i can find more >,< I'd do it this way, but that's just me xD if(isset($_GET['REF']) && ctype_digit($_GET['REF'])) { echo $_GET['REF']; } Obviously there are other ways and stuff but it does the job. 'Tis just an example anyway =] I won't go through the usernames and stuff, as I done that in another thread already -.- Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.