CoRnNuB Posted September 3, 2010 Share Posted September 3, 2010 someone just got on my game with a name drop user tables so they got rid of all the users what do i have to do to ensure that dosnt happen again Quote Link to comment Share on other sites More sharing options...
Equinox Posted September 3, 2010 Share Posted September 3, 2010 Secure your game, firstly I'd think about your register and preferences. If someone is putting there name as harmful data, I'd target these first... In register and preferences, you would need to check name length first, lets say 15 characters? if(strlen($_POST['username']) > 15) { echo 'Your username is too long, you are only allowed 15 characters'; exit($h->endpage()); } And now we need to ensure their username is safe, you can do this in many ways, but I'd suggest preg_match() and regex if(!preg_match("/[a-zA-Z0-9_]+/" , $_POST['username'])) { echo 'Your username may only contain letters, numbers and underscores'; exit($h->endpage()); } *note, my regex is not perfect and I always hated doing it You may also want to limit them to a minimum of 3 characters in their name, other ways of ensuring their usernames could be: if(isset($_POST['username']) && is_string($_POST['username'])) { //checks if username is set and is a string echo 'Win.'; } else { echo 'Fail.'; } The last method isn't really the best check, it's not as extensive Hope this helps Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted September 3, 2010 Author Share Posted September 3, 2010 i did what u said on register.php but now theres an error when someone tries to sign up could u fix this for me heres the code <?php include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } //thx to [url]http://www.phpit.net/code/valid-email/[/url] for valid_email function valid_email($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } session_start(); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Game name here</title> <script type="text/javascript"> var xmlHttp // xmlHttp variable function GetXmlHttpObject(){ // This function we will use to call our xmlhttpobject. var objXMLHttp=null // Sets objXMLHttp to null as default. if (window.XMLHttpRequest){ // If we are using Netscape or any other browser than IE lets use xmlhttp. objXMLHttp=new XMLHttpRequest() // Creates a xmlhttp request. }else if (window.ActiveXObject){ // ElseIf we are using IE lets use Active X. objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP") // Creates a new Active X Object. } // End ElseIf. return objXMLHttp // Returns the xhttp object. } // Close Function function CheckPasswords(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="check.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("passwordresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckUsername(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkun.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("usernameresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckEmail(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkem.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("emailresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function PasswordMatch() { pwt1=document.getElementById('pw1').value; pwt2=document.getElementById('pw2').value; if(pwt1 == pwt2) { document.getElementById('cpasswordresult').innerHTML="<font color='green'>OK</font>"; } else { document.getElementById('cpasswordresult').innerHTML="<font color='red'>Not Matching</font>"; } } </script> <style type="text/css"> body { background:url(bg.jpg) repeat-x; background-color: #0A0A0C; margin-top: 0px; margin-bottom: 0px; font-family:calibri, helvetica, arial, geneva, sans-serif; font-size:12px; color: #4169E1; } input{ margin: 2px; } a:visited,a:active,a:hover,a:link { color: #4169E1; text-decoration: none; } img { border:none; } .stats1 { color: #4169E1; } .header{ margin: 0px auto 120px auto; } .main{ margin: 0px auto 0px; auto; } </style> </head> <body onload="getme();"> <table width="800" border="0" cellpadding="0" cellspacing="0" class="header"> <tr align="center" class="stats1"> <td></td> </tr> <tr> <td colspan="1" align="center">[img=Streetsoldiers.png]</td> </tr> </table> <table width="900" border="0" cellpadding="0" cellspacing="0" class="main"> <tr><td align="center"> EOF; $IP = $_SERVER['REMOTE_ADDR']; $IP=addslashes($IP); $IP=mysql_real_escape_string($IP); $IP=strip_tags($IP); if(file_exists('ipbans/'.$IP)) { die("[b]<font color=red size=+1>Your IP has been banned, there is no way around this.</font>[/b]</body></html>"); } if($_POST['username']) { if($set['regcap_on']) { if(!$_SESSION['captcha'] or $_SESSION['captcha'] != $_POST['captcha']) { unset($_SESSION['captcha']); die("Captcha Test Failed >[url='register.php']Back[/url]"); } unset($_SESSION['captcha']); } if(!valid_email($_POST['email'])) { die("Sorry, the email is invalid. >[url='register.php']Back[/url]"); } if(strlen($_POST['username']) > 15) { echo 'Your username is too long, you are only allowed 15 characters'; exit($h->endpage()); } >[url='register.php']Back[/url]"); } $sm=100; if($_POST['promo'] == "Your Promo Code Here") { $sm+=100; } $username=$_POST['username']; $username=str_replace(array("<", ">"), array("<", ">"), $username); $q=$db->query("SELECT * FROM users WHERE username='{$username}' OR login_name='{$username}'"); $q2=$db->query("SELECT * FROM users WHERE email='{$_POST['email']}'"); if($db->num_rows($q)) { print "Username already in use. Choose another. >[url='register.php']Back[/url]"; } else if($db->num_rows($q2)) { print "E-Mail already in use. Choose another. >[url='register.php']Back[/url]"; } else if($_POST['password'] != $_POST['cpassword']) { print "The passwords did not match, go back and try again. >[url='register.php']Back[/url]"; } else { $_POST['ref'] = abs((int) $_POST['ref']); $IP = $_SERVER['REMOTE_ADDR']; $q=$db->query("SELECT * FROM users WHERE lastip='$IP' AND userid={$_POST['ref']}"); if($db->num_rows($q)) { die("No creating referral multies. Bad dog. >[url='register.php']Back[/url]"); } if($_POST['ref']) { $q=$db->query("SELECT * FROM users WHERE userid={$_POST['ref']}"); $r=$db->fetch_row($q); } $db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip, lastip_signup) VALUES( '{$username}', '{$username}', md5('{$_POST['password']}'), 1, $sm, 0, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', -1, '$IP', '$IP')"); $i=$db->insert_id(); $db->query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)"); if($_POST['ref']) { require "global_func.php"; $db->query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}"); event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c); $db->query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$IP')"); } $time = time(); print "You have signed up, enjoy the game. > [url='login.php']Login[/url]"; } } else { if($set['regcap_on']) { $chars="123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!?\\/%^"; $len=strlen($chars); $_SESSION['captcha']=""; for($i=0;$i<6;$i++) $_SESSION['captcha'].=$chars[rand(0, $len - 1)]; } print "<h3>{$set['game_name']} Registration</h3>"; print "<form action=register.php method=post> <table width='75%' class='table' cellspacing='1'> <tr> <td width='30%'>Username</td> <td width='40%'><input type=text name=username onkeyup='CheckUsername(this.value);'></td> <td width='30%'><div id='usernameresult'></div></td> </tr> <tr> <td>Password</td> <td><input type=password id='pw1' name=password onkeyup='CheckPasswords(this.value);PasswordMatch();'></td> <td><div id='passwordresult'></div></td> </tr> <tr> <td>Confirm Password</td><td><input type=password name=cpassword id='pw2' onkeyup='PasswordMatch();'></td> <td><div id='cpasswordresult'></div></td> </tr> <tr> <td>Email</td><td><input type=text name=email onkeyup='CheckEmail(this.value);'></td> <td><div id='emailresult'></div></td> </tr> <tr> <td>Gender</td> <td colspan='2'><select name='gender' type='dropdown'> <option value='Male'>Male <option value='Female'>Female</select></td> </tr> <tr> <td>Refrernce Code</td><td colspan=2><input type=text name=promo></td> </tr> <input type=hidden name=ref value='"; if($_GET['REF']) { print $_GET['REF']; } print "' />"; if($set['regcap_on']) { print "<tr> <td colspan=3>[img=captcha_verify.php?bgcolor=C3C3C3] <input type='text' name='captcha' /></td> </tr>"; } print " <tr> <td colspan=3 align=center><input type=submit value=Submit></td> </tr> </table> </form> > [url='login.php']Go Back[/url]"; } print <<<OUT </td></tr> </table> </body> </html> OUT; ?> Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted September 3, 2010 Author Share Posted September 3, 2010 its says error on line 206 but that loooks fine Parse error: syntax error, unexpected '>' in /home/streets1/public_html/register.php on line 206 Quote Link to comment Share on other sites More sharing options...
Equinox Posted September 3, 2010 Share Posted September 3, 2010 <?php include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } //thx to [url]http://www.phpit.net/code/valid-email/[/url] for valid_email function valid_email($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } session_start(); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Game name here</title> <script type="text/javascript"> var xmlHttp // xmlHttp variable function GetXmlHttpObject(){ // This function we will use to call our xmlhttpobject. var objXMLHttp=null // Sets objXMLHttp to null as default. if (window.XMLHttpRequest){ // If we are using Netscape or any other browser than IE lets use xmlhttp. objXMLHttp=new XMLHttpRequest() // Creates a xmlhttp request. }else if (window.ActiveXObject){ // ElseIf we are using IE lets use Active X. objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP") // Creates a new Active X Object. } // End ElseIf. return objXMLHttp // Returns the xhttp object. } // Close Function function CheckPasswords(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="check.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("passwordresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckUsername(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkun.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("usernameresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckEmail(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkem.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("emailresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function PasswordMatch() { pwt1=document.getElementById('pw1').value; pwt2=document.getElementById('pw2').value; if(pwt1 == pwt2) { document.getElementById('cpasswordresult').innerHTML="<font color='green'>OK</font>"; } else { document.getElementById('cpasswordresult').innerHTML="<font color='red'>Not Matching</font>"; } } </script> <style type="text/css"> body { background:url(bg.jpg) repeat-x; background-color: #0A0A0C; margin-top: 0px; margin-bottom: 0px; font-family:calibri, helvetica, arial, geneva, sans-serif; font-size:12px; color: #4169E1; } input{ margin: 2px; } a:visited,a:active,a:hover,a:link { color: #4169E1; text-decoration: none; } img { border:none; } .stats1 { color: #4169E1; } .header{ margin: 0px auto 120px auto; } .main{ margin: 0px auto 0px; auto; } </style> </head> <body onload="getme();"> <table width="800" border="0" cellpadding="0" cellspacing="0" class="header"> <tr align="center" class="stats1"> <td></td> </tr> <tr> <td colspan="1" align="center">[img=Streetsoldiers.png]</td> </tr> </table> <table width="900" border="0" cellpadding="0" cellspacing="0" class="main"> <tr><td align="center"> EOF; $IP = $_SERVER['REMOTE_ADDR']; $IP=addslashes($IP); $IP=mysql_real_escape_string($IP); $IP=strip_tags($IP); if(file_exists('ipbans/'.$IP)) { die("[b]<font color=red size=+1>Your IP has been banned, there is no way around this.</font>[/b]</body></html>"); } if(isset($_POST['username'])) { if($set['regcap_on']) { if(!$_SESSION['captcha'] or $_SESSION['captcha'] != $_POST['captcha']) { unset($_SESSION['captcha']); die("Captcha Test Failed >[url='register.php']Back[/url]"); } unset($_SESSION['captcha']); } if(!valid_email($_POST['email'])) { die("Sorry, the email is invalid. >[url='register.php']Back[/url]"); } if(strlen($_POST['username']) > 15) { echo 'Your username is too long, you are only allowed 15 characters <a href = "register.php">Back</a>'; exit($h->endpage()); } if(!preg_match("/[a-zA-Z0-9_]+/",$_POST['username'])) { echo 'Your username may only contain letters, numbers and underscores <a href = "register.php">Back</a>'; exit($h->endpage()); } } $sm=100; if($_POST['promo'] == "Your Promo Code Here") { $sm+=100; } $username=$_POST['username']; $username=str_replace(array("<", ">"), array("<", ">"), $username); $q=$db->query("SELECT * FROM users WHERE username='{$username}' OR login_name='{$username}'"); $q2=$db->query("SELECT * FROM users WHERE email='{$_POST['email']}'"); if($db->num_rows($q)) { print "Username already in use. Choose another. >[url='register.php']Back[/url]"; } else if($db->num_rows($q2)) { print "E-Mail already in use. Choose another. >[url='register.php']Back[/url]"; } else if($_POST['password'] != $_POST['cpassword']) { print "The passwords did not match, go back and try again. >[url='register.php']Back[/url]"; } else { $_POST['ref'] = abs((int) $_POST['ref']); $IP = $_SERVER['REMOTE_ADDR']; $q=$db->query("SELECT * FROM users WHERE lastip='$IP' AND userid={$_POST['ref']}"); if($db->num_rows($q)) { die("No creating referral multies. Bad dog. >[url='register.php']Back[/url]"); } if($_POST['ref']) { $q=$db->query("SELECT * FROM users WHERE userid={$_POST['ref']}"); $r=$db->fetch_row($q); } $db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip, lastip_signup) VALUES( '{$username}', '{$username}', md5('{$_POST['password']}'), 1, $sm, 0, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', -1, '$IP', '$IP')"); $i=$db->insert_id(); $db->query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)"); if($_POST['ref']) { require "global_func.php"; $db->query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}"); event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c); $db->query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$IP')"); } $time = time(); print "You have signed up, enjoy the game. > [url='login.php']Login[/url]"; } } else { if($set['regcap_on']) { $chars="123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!?\\/%^"; $len=strlen($chars); $_SESSION['captcha']=""; for($i=0;$i<6;$i++) $_SESSION['captcha'].=$chars[rand(0, $len - 1)]; } print "<h3>{$set['game_name']} Registration</h3>"; print "<form action=register.php method=post> <table width='75%' class='table' cellspacing='1'> <tr> <td width='30%'>Username</td> <td width='40%'><input type=text name=username onkeyup='CheckUsername(this.value);'></td> <td width='30%'><div id='usernameresult'></div></td> </tr> <tr> <td>Password</td> <td><input type=password id='pw1' name=password onkeyup='CheckPasswords(this.value);PasswordMatch();'></td> <td><div id='passwordresult'></div></td> </tr> <tr> <td>Confirm Password</td><td><input type=password name=cpassword id='pw2' onkeyup='PasswordMatch();'></td> <td><div id='cpasswordresult'></div></td> </tr> <tr> <td>Email</td><td><input type=text name=email onkeyup='CheckEmail(this.value);'></td> <td><div id='emailresult'></div></td> </tr> <tr> <td>Gender</td> <td colspan='2'><select name='gender' type='dropdown'> <option value='Male'>Male <option value='Female'>Female</select></td> </tr> <tr> <td>Refrernce Code</td><td colspan=2><input type=text name=promo></td> </tr> <input type=hidden name=ref value='"; if($_GET['REF']) { print $_GET['REF']; } print "' />"; if($set['regcap_on']) { print "<tr> <td colspan=3>[img=captcha_verify.php?bgcolor=C3C3C3] <input type='text' name='captcha' /></td> </tr>"; } print " <tr> <td colspan=3 align=center><input type=submit value=Submit></td> </tr> </table> </form> > [url='login.php']Go Back[/url]"; } print <<<OUT </td></tr> </table> </body> </html> OUT; ?> Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted September 3, 2010 Author Share Posted September 3, 2010 the thing is how much do you charge Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted September 3, 2010 Author Share Posted September 3, 2010 and btw that register.php dosnt work either Quote Link to comment Share on other sites More sharing options...
Equinox Posted September 3, 2010 Share Posted September 3, 2010 the thing is how much do you charge Huh? What are you going on about? And what's the new error with register? Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted September 3, 2010 Author Share Posted September 3, 2010 the new error is Parse error: syntax error, unexpected T_ELSE in /home/streets1/public_html/register.php on line 264 Quote Link to comment Share on other sites More sharing options...
Equinox Posted September 3, 2010 Share Posted September 3, 2010 <?php include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } //thx to [url]http://www.phpit.net/code/valid-email/[/url] for valid_email function valid_email($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } session_start(); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Game name here</title> <script type="text/javascript"> var xmlHttp // xmlHttp variable function GetXmlHttpObject(){ // This function we will use to call our xmlhttpobject. var objXMLHttp=null // Sets objXMLHttp to null as default. if (window.XMLHttpRequest){ // If we are using Netscape or any other browser than IE lets use xmlhttp. objXMLHttp=new XMLHttpRequest() // Creates a xmlhttp request. }else if (window.ActiveXObject){ // ElseIf we are using IE lets use Active X. objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP") // Creates a new Active X Object. } // End ElseIf. return objXMLHttp // Returns the xhttp object. } // Close Function function CheckPasswords(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="check.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("passwordresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckUsername(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkun.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("usernameresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckEmail(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkem.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("emailresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function PasswordMatch() { pwt1=document.getElementById('pw1').value; pwt2=document.getElementById('pw2').value; if(pwt1 == pwt2) { document.getElementById('cpasswordresult').innerHTML="<font color='green'>OK</font>"; } else { document.getElementById('cpasswordresult').innerHTML="<font color='red'>Not Matching</font>"; } } </script> <style type="text/css"> body { background:url(bg.jpg) repeat-x; background-color: #0A0A0C; margin-top: 0px; margin-bottom: 0px; font-family:calibri, helvetica, arial, geneva, sans-serif; font-size:12px; color: #4169E1; } input{ margin: 2px; } a:visited,a:active,a:hover,a:link { color: #4169E1; text-decoration: none; } img { border:none; } .stats1 { color: #4169E1; } .header{ margin: 0px auto 120px auto; } .main{ margin: 0px auto 0px; auto; } </style> </head> <body onload="getme();"> <table width="800" border="0" cellpadding="0" cellspacing="0" class="header"> <tr align="center" class="stats1"> <td></td> </tr> <tr> <td colspan="1" align="center">[img=Streetsoldiers.png]</td> </tr> </table> <table width="900" border="0" cellpadding="0" cellspacing="0" class="main"> <tr><td align="center"> EOF; $IP = $_SERVER['REMOTE_ADDR']; $IP=addslashes($IP); $IP=mysql_real_escape_string($IP); $IP=strip_tags($IP); if(file_exists('ipbans/'.$IP)) { die("[b]<font color=red size=+1>Your IP has been banned, there is no way around this.</font>[/b]</body></html>"); } if(isset($_POST['username'])) { if($set['regcap_on']) { if(!$_SESSION['captcha'] or $_SESSION['captcha'] != $_POST['captcha']) { unset($_SESSION['captcha']); die("Captcha Test Failed >[url='register.php']Back[/url]"); } unset($_SESSION['captcha']); } if(!valid_email($_POST['email'])) { die("Sorry, the email is invalid. >[url='register.php']Back[/url]"); } if(strlen($_POST['username']) > 15) { echo 'Your username is too long, you are only allowed 15 characters <a href = "register.php">Back</a>'; exit($h->endpage()); } if(!preg_match("/[a-zA-Z0-9_]+/",$_POST['username'])) { echo 'Your username may only contain letters, numbers and underscores <a href = "register.php">Back</a>'; exit($h->endpage()); } $sm=100; if($_POST['promo'] == "Your Promo Code Here") { $sm+=100; } $username=$_POST['username']; $username=str_replace(array("<", ">"), array("<", ">"), $username); $q=$db->query("SELECT * FROM users WHERE username='{$username}' OR login_name='{$username}'"); $q2=$db->query("SELECT * FROM users WHERE email='{$_POST['email']}'"); if($db->num_rows($q)) { print "Username already in use. Choose another. >[url='register.php']Back[/url]"; } else if($db->num_rows($q2)) { print "E-Mail already in use. Choose another. >[url='register.php']Back[/url]"; } else if($_POST['password'] != $_POST['cpassword']) { print "The passwords did not match, go back and try again. >[url='register.php']Back[/url]"; } else { $_POST['ref'] = abs((int) $_POST['ref']); $IP = $_SERVER['REMOTE_ADDR']; $q=$db->query("SELECT * FROM users WHERE lastip='$IP' AND userid={$_POST['ref']}"); if($db->num_rows($q)) { die("No creating referral multies. Bad dog. >[url='register.php']Back[/url]"); } if($_POST['ref']) { $q=$db->query("SELECT * FROM users WHERE userid={$_POST['ref']}"); $r=$db->fetch_row($q); } $db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip, lastip_signup) VALUES( '{$username}', '{$username}', md5('{$_POST['password']}'), 1, $sm, 0, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', -1, '$IP', '$IP')"); $i=$db->insert_id(); $db->query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)"); if($_POST['ref']) { require "global_func.php"; $db->query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}"); event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c); $db->query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$IP')"); } $time = time(); print "You have signed up, enjoy the game. > [url='login.php']Login[/url]"; } } else { if($set['regcap_on']) { $chars="123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!?\\/%^"; $len=strlen($chars); $_SESSION['captcha']=""; for($i=0;$i<6;$i++) $_SESSION['captcha'].=$chars[rand(0, $len - 1)]; } print "<h3>{$set['game_name']} Registration</h3>"; print "<form action=register.php method=post> <table width='75%' class='table' cellspacing='1'> <tr> <td width='30%'>Username</td> <td width='40%'><input type=text name=username onkeyup='CheckUsername(this.value);'></td> <td width='30%'><div id='usernameresult'></div></td> </tr> <tr> <td>Password</td> <td><input type=password id='pw1' name=password onkeyup='CheckPasswords(this.value);PasswordMatch();'></td> <td><div id='passwordresult'></div></td> </tr> <tr> <td>Confirm Password</td><td><input type=password name=cpassword id='pw2' onkeyup='PasswordMatch();'></td> <td><div id='cpasswordresult'></div></td> </tr> <tr> <td>Email</td><td><input type=text name=email onkeyup='CheckEmail(this.value);'></td> <td><div id='emailresult'></div></td> </tr> <tr> <td>Gender</td> <td colspan='2'><select name='gender' type='dropdown'> <option value='Male'>Male <option value='Female'>Female</select></td> </tr> <tr> <td>Refrernce Code</td><td colspan=2><input type=text name=promo></td> </tr> <input type=hidden name=ref value='"; if($_GET['REF']) { print $_GET['REF']; } print "' />"; if($set['regcap_on']) { print "<tr> <td colspan=3>[img=captcha_verify.php?bgcolor=C3C3C3] <input type='text' name='captcha' /></td> </tr>"; } print " <tr> <td colspan=3 align=center><input type=submit value=Submit></td> </tr> </table> </form> > [url='login.php']Go Back[/url]"; } print <<<OUT </td></tr> </table> </body> </html> OUT; ?> Tested on localhost, works fine. Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted September 3, 2010 Author Share Posted September 3, 2010 yea it works now thanks for your help Quote Link to comment Share on other sites More sharing options...
CoRnNuB Posted September 3, 2010 Author Share Posted September 3, 2010 just another problem ow i see if u can use more then 15 carracters but now u can and i get this Your username is too long, you are only allowed 15 characters Back Fatal error: Call to a member function endpage() on a non-object in /home/streets1/public_html/register.php on line 204 Quote Link to comment Share on other sites More sharing options...
Equinox Posted September 3, 2010 Share Posted September 3, 2010 <?php include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } //thx to [url]http://www.phpit.net/code/valid-email/[/url] for valid_email function valid_email($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } session_start(); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Game name here</title> <script type="text/javascript"> var xmlHttp // xmlHttp variable function GetXmlHttpObject(){ // This function we will use to call our xmlhttpobject. var objXMLHttp=null // Sets objXMLHttp to null as default. if (window.XMLHttpRequest){ // If we are using Netscape or any other browser than IE lets use xmlhttp. objXMLHttp=new XMLHttpRequest() // Creates a xmlhttp request. }else if (window.ActiveXObject){ // ElseIf we are using IE lets use Active X. objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP") // Creates a new Active X Object. } // End ElseIf. return objXMLHttp // Returns the xhttp object. } // Close Function function CheckPasswords(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="check.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("passwordresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckUsername(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkun.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("usernameresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function CheckEmail(password){ // This is our fucntion that will check to see how strong the users password is. xmlHttp=GetXmlHttpObject() // Creates a new Xmlhttp object. if (xmlHttp==null){ // If it cannot create a new Xmlhttp object. alert ("Browser does not support HTTP Request") // Alert Them! return // Returns. } // End If. var url="checkem.php?password="+escape(password) // Url that we will use to check the password. xmlHttp.open("GET",url,true) // Opens the URL using GET xmlHttp.onreadystatechange = function () { // This is the most important piece of the puzzle, if onreadystatechange = equal to 4 than that means the request is done. if (xmlHttp.readyState == 4) { // If the onreadystatechange is equal to 4 lets show the response text. document.getElementById("emailresult").innerHTML = xmlHttp.responseText; // Updates the div with the response text from check.php } // End If. }; // Close Function xmlHttp.send(null); // Sends NULL insted of sending data. } // Close Function. function PasswordMatch() { pwt1=document.getElementById('pw1').value; pwt2=document.getElementById('pw2').value; if(pwt1 == pwt2) { document.getElementById('cpasswordresult').innerHTML="<font color='green'>OK</font>"; } else { document.getElementById('cpasswordresult').innerHTML="<font color='red'>Not Matching</font>"; } } </script> <style type="text/css"> body { background:url(bg.jpg) repeat-x; background-color: #0A0A0C; margin-top: 0px; margin-bottom: 0px; font-family:calibri, helvetica, arial, geneva, sans-serif; font-size:12px; color: #4169E1; } input{ margin: 2px; } a:visited,a:active,a:hover,a:link { color: #4169E1; text-decoration: none; } img { border:none; } .stats1 { color: #4169E1; } .header{ margin: 0px auto 120px auto; } .main{ margin: 0px auto 0px; auto; } </style> </head> <body onload="getme();"> <table width="800" border="0" cellpadding="0" cellspacing="0" class="header"> <tr align="center" class="stats1"> <td></td> </tr> <tr> <td colspan="1" align="center">[img=Streetsoldiers.png]</td> </tr> </table> <table width="900" border="0" cellpadding="0" cellspacing="0" class="main"> <tr><td align="center"> EOF; $IP = $_SERVER['REMOTE_ADDR']; $IP=addslashes($IP); $IP=mysql_real_escape_string($IP); $IP=strip_tags($IP); if(file_exists('ipbans/'.$IP)) { die("[b]<font color=red size=+1>Your IP has been banned, there is no way around this.</font>[/b]</body></html>"); } if(isset($_POST['username'])) { if($set['regcap_on']) { if(!$_SESSION['captcha'] or $_SESSION['captcha'] != $_POST['captcha']) { unset($_SESSION['captcha']); die("Captcha Test Failed >[url='register.php']Back[/url]"); } unset($_SESSION['captcha']); } if(!valid_email($_POST['email'])) { die("Sorry, the email is invalid. >[url='register.php']Back[/url]"); } if(strlen($_POST['username']) > 15) { echo 'Your username is too long, you are only allowed 15 characters <a href = "register.php">Back</a>'; exit(); } if(!preg_match("/[a-zA-Z0-9_]+/",$_POST['username'])) { echo 'Your username may only contain letters, numbers and underscores <a href = "register.php">Back</a>'; exit(); } $sm=100; if($_POST['promo'] == "Your Promo Code Here") { $sm+=100; } $username=$_POST['username']; $username=str_replace(array("<", ">"), array("<", ">"), $username); $q=$db->query("SELECT * FROM users WHERE username='{$username}' OR login_name='{$username}'"); $q2=$db->query("SELECT * FROM users WHERE email='{$_POST['email']}'"); if($db->num_rows($q)) { print "Username already in use. Choose another. >[url='register.php']Back[/url]"; } else if($db->num_rows($q2)) { print "E-Mail already in use. Choose another. >[url='register.php']Back[/url]"; } else if($_POST['password'] != $_POST['cpassword']) { print "The passwords did not match, go back and try again. >[url='register.php']Back[/url]"; } else { $_POST['ref'] = abs((int) $_POST['ref']); $IP = $_SERVER['REMOTE_ADDR']; $q=$db->query("SELECT * FROM users WHERE lastip='$IP' AND userid={$_POST['ref']}"); if($db->num_rows($q)) { die("No creating referral multies. Bad dog. >[url='register.php']Back[/url]"); } if($_POST['ref']) { $q=$db->query("SELECT * FROM users WHERE userid={$_POST['ref']}"); $r=$db->fetch_row($q); } $db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip, lastip_signup) VALUES( '{$username}', '{$username}', md5('{$_POST['password']}'), 1, $sm, 0, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', -1, '$IP', '$IP')"); $i=$db->insert_id(); $db->query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)"); if($_POST['ref']) { require "global_func.php"; $db->query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}"); event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c); $db->query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$IP')"); } $time = time(); print "You have signed up, enjoy the game. > [url='login.php']Login[/url]"; } } else { if($set['regcap_on']) { $chars="123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!?\\/%^"; $len=strlen($chars); $_SESSION['captcha']=""; for($i=0;$i<6;$i++) $_SESSION['captcha'].=$chars[rand(0, $len - 1)]; } print "<h3>{$set['game_name']} Registration</h3>"; print "<form action=register.php method=post> <table width='75%' class='table' cellspacing='1'> <tr> <td width='30%'>Username</td> <td width='40%'><input type=text name=username onkeyup='CheckUsername(this.value);'></td> <td width='30%'><div id='usernameresult'></div></td> </tr> <tr> <td>Password</td> <td><input type=password id='pw1' name=password onkeyup='CheckPasswords(this.value);PasswordMatch();'></td> <td><div id='passwordresult'></div></td> </tr> <tr> <td>Confirm Password</td><td><input type=password name=cpassword id='pw2' onkeyup='PasswordMatch();'></td> <td><div id='cpasswordresult'></div></td> </tr> <tr> <td>Email</td><td><input type=text name=email onkeyup='CheckEmail(this.value);'></td> <td><div id='emailresult'></div></td> </tr> <tr> <td>Gender</td> <td colspan='2'><select name='gender' type='dropdown'> <option value='Male'>Male <option value='Female'>Female</select></td> </tr> <tr> <td>Refrernce Code</td><td colspan=2><input type=text name=promo></td> </tr> <input type=hidden name=ref value='"; if($_GET['REF']) { print $_GET['REF']; } print "' />"; if($set['regcap_on']) { print "<tr> <td colspan=3>[img=captcha_verify.php?bgcolor=C3C3C3] <input type='text' name='captcha' /></td> </tr>"; } print " <tr> <td colspan=3 align=center><input type=submit value=Submit></td> </tr> </table> </form> > [url='login.php']Go Back[/url]"; } print <<<OUT </td></tr> </table> </body> </html> OUT; ?> Quote Link to comment Share on other sites More sharing options...
Djkanna Posted September 3, 2010 Share Posted September 3, 2010 $IP = $_SERVER['REMOTE_ADDR']; $IP=addslashes($IP); $IP=mysql_real_escape_string($IP); $IP=strip_tags($IP); Remove it -.- Quote Link to comment Share on other sites More sharing options...
wrx Posted September 3, 2010 Share Posted September 3, 2010 why would the mysqluser account your using to connect with need "Drop Table" rights, might want to look at the rights your DB connect user has and remove the unneeded ones. also maybe set up a cron for daily db backup(create a mysqluser account for this operation),then you can restore data if needed to. Quote Link to comment Share on other sites More sharing options...
Joshua Posted September 3, 2010 Share Posted September 3, 2010 Stop using the illegal Ravens Code and get McCodes ;) That ip addslashes crap is in all the ravans codes, they think it secures their site lol Quote Link to comment Share on other sites More sharing options...
Djkanna Posted September 3, 2010 Share Posted September 3, 2010 Stop using the illegal Ravens Code and get McCodes ;) That ip addslashes crap is in all the ravans codes, they think it secures their site lol I find it funny, Magic quotes on (usually is when that popped up) = \ Addslashes = \ mres = \ Oh wow way to triple escape morons -.- :P Quote Link to comment Share on other sites More sharing options...
Joshua Posted September 4, 2010 Share Posted September 4, 2010 Then, OMG I HAVE AN ERROR Don't use the 15.00 version of McCodes and think it's secure because some nooby said it is ;0 It's not. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.