GrimReaper Posted September 15, 2015 Share Posted September 15, 2015 (edited) OK when I login it goes to a page that says authenticate OK so then if i go to my URL and take out home.php and put URL.index.php I'm then inside the game.Can someone help me fix this. <?php session_start(); require_once('connect_db.php'); ?> <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> <html> <head> <title>U.O.T.S</title> <link rel="shortcut icon" href="images/style/favicon.gif"> <link href="external.css" rel="stylesheet" type="text/css"> </head> <body> <div id="header"> <table width = '989px' height = '430px'> <tr> <td align = 'left' valign = 'bottom' style = 'color:white; font-weight:800;'> <div style = 'background: url(images/css/bg-banner.png) repeat-y left bottom;'> <font size = '+3'>100% Free to play!</font><br> <font size = '+1'>Users online today: 0</font><br> <font size = '+1'>Top gang: N/A</font> </div> </td> </tr> </table> </div> <div id="content"> <table class = "loaded" width = "90%"><tr><td align = "center"> <? $error = ""; $back = "> <a href = 'login.php'><font color = 'red'>Back</font></a>"; $_POST['pass'] = htmlentities(stripslashes($_POST['pass'])); $_POST['username'] = htmlentities(stripslashes($_POST['username'])); if(!$_POST['username'] || !$_POST['pass']) { $error = "Please go back and fill in the form correctly.<br>".$back; } else { $sql = "SELECT `usr_id`,`usr_fed` FROM `usr_tbl` WHERE `usr_login` = '".mysql_real_escape_string($_POST['username'])."' AND `usr_pas` = '".mysql_real_escape_string(md5($_POST['pass']))."' LIMIT 1"; $sql = mysql_query($sql); if(!mysql_num_rows($sql)) { $error = "User not found! Please go back and try again.<br>".$back; } else { $user = mysql_fetch_array($sql); unset($_SESSION['feduser']); if($user['usr_fed'] > time()) { $_SESSION['feduser'] = $user['usr_id']; header('location:fedjail.php'); exit; } else { if($user['usr_fed']) { $sql = "UPDATE `usr_tbl` SET `usr_fed` = '0' WHERE `usr_id` = '".mysql_real_escape_string($user['usr_id'])."'"; mysql_query($sql); } } $_SESSION['myid'] = $user['usr_id']; $_SESSION['verified'] = 0; $sql = "UPDATE `usr_tbl` SET `usr_last_login` = '".mysql_real_escape_string(time())."', `usr_lastact` = '".mysql_real_escape_string(time())."' WHERE `usr_id` = '".mysql_real_escape_string($_SESSION['myid'])."'"; mysql_query($sql); $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '5'"; $rtoday = mysql_fetch_array(mysql_query($q_ry)); $rtoday = $rtoday['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-86400)." ORDER BY `usr_lastact` DESC"; $totoday = mysql_num_rows(mysql_query($q_ry)); if($totoday > $rtoday) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '5'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '6'"; $rhour = mysql_fetch_array(mysql_query($q_ry)); $rhour = $rhour['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-3600)." ORDER BY `usr_lastact` DESC"; $tothour = mysql_num_rows(mysql_query($q_ry)); if($tothour > $rhour) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '6'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '7'"; $rnow = mysql_fetch_array(mysql_query($q_ry)); $rnow = $rnow['setting_value']; $q_ry = "SELECT `usr_id`,`usr_lastact` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-900)." ORDER BY `usr_lastact` DESC"; $onl = mysql_num_rows(mysql_query($q_ry)); if($onl > $rnow) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '7'"; mysql_query($sql); } header('location:index.php'); } } if($error != '') { echo "<font color = 'red'><b>".$error."</b></font>"; } ?> </td></tr></table> </div> <div id="footer"> U.O.T.S is copyright © of IceColdCola netwroks 2012<?php if(date("Y")>'2012') { echo "-".date("Y"); } ?>, All rights reserved. </div> </body> </html> Edited September 15, 2015 by GrimReaper Quote Link to comment Share on other sites More sharing options...
GrimReaper Posted September 15, 2015 Author Share Posted September 15, 2015 It's is a legal licensed copy bought of Ice Cold Cola bought both UOTS and Rc Engine from him. Quote Link to comment Share on other sites More sharing options...
CaptainQuack Posted September 15, 2015 Share Posted September 15, 2015 First thing I'd do is change this - WHERE `usr_id` = '".mysql_real_escape_string($user['usr_id'])."'"; To this - WHERE `usr_id` = '".base64_decode(urlencode(base64_encode(mysql_real_escape_string(intval(strip_tags(htmlentities(htmlspecialchars(md5($user[‘usr_id’])))))))));."'"; 1 Quote Link to comment Share on other sites More sharing options...
IllegalPigeon Posted September 15, 2015 Share Posted September 15, 2015 First thing I'd do is change this - WHERE `usr_id` = '".mysql_real_escape_string($user['usr_id'])."'"; To this - WHERE `usr_id` = '".base64_decode(urlencode(base64_encode(mysql_real_escape_string(intval(strip_tags(htmlentities(htmlspecialchars(md5($user[‘usr_id’])))))))));."'"; CaptainQuack is right. This code: WHERE `usr_id` = '".mysql_real_escape_string($user['usr_id'])."'"; Is not only a security problem, but it's probably stopping your login script from working correctly. The "usr_id" is an important variable that you need to protect, simply using mysql_real_escape_string() will not fix the issue or secure your site. CaptainQuack's code will work. 2 Quote Link to comment Share on other sites More sharing options...
GrimReaper Posted September 15, 2015 Author Share Posted September 15, 2015 Thank for reply and fix now :) Quote Link to comment Share on other sites More sharing options...
GrimReaper Posted September 15, 2015 Author Share Posted September 15, 2015 (edited) This right <?php session_start(); require_once('connect_db.php'); ?> <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> <html> <head> <title>U.O.T.S</title> <link rel="shortcut icon" href="images/style/favicon.gif"> <link href="external.css" rel="stylesheet" type="text/css"> </head> <body> <div id="header"> <table width = '989px' height = '430px'> <tr> <td align = 'left' valign = 'bottom' style = 'color:white; font-weight:800;'> <div style = 'background: url(images/css/bg-banner.png) repeat-y left bottom;'> <font size = '+3'>100% Free to play!</font><br> <font size = '+1'>Users online today: 0</font><br> <font size = '+1'>Top gang: N/A</font> </div> </td> </tr> </table> </div> <div id="content"> <table class = "loaded" width = "90%"><tr><td align = "center"> <? $error = ""; $back = "> <a href = 'login.php'><font color = 'red'>Back</font></a>"; $_POST['pass'] = htmlentities(stripslashes($_POST['pass'])); $_POST['username'] = htmlentities(stripslashes($_POST['username'])); if(!$_POST['username'] || !$_POST['pass']) { $error = "Please go back and fill in the form correctly.<br>".$back; } else { $sql = "SELECT `usr_id`,`usr_fed` FROM `usr_tbl` WHERE `usr_login` = '".mysql_real_escape_string($_POST['username'])."' AND `usr_pas` = '".mysql_real_escape_string(md5($_POST['pass']))."' LIMIT 1"; $sql = mysql_query($sql); if(!mysql_num_rows($sql)) { $error = "User not found! Please go back and try again.<br>".$back; } else { $user = mysql_fetch_array($sql); unset($_SESSION['feduser']); if($user['usr_fed'] > time()) { $_SESSION['feduser'] = $user['usr_id']; header('location:fedjail.php'); exit; } else { if($user['usr_fed']) { $sql = "UPDATE `usr_tbl` SET `usr_fed` = '0' WHERE `usr_id` = '".mysql_real_escape_string($user['usr_id'])."'"; mysql_query($sql); } } $_SESSION['myid'] = $user['usr_id']; $_SESSION['verified'] = 0; $sql = "UPDATE `usr_tbl` SET `usr_last_login` = '".mysql_real_escape_string(time())."', `usr_lastact` = '".mysql_real_escape_string(time())."' <?php session_start(); require_once('connect_db.php'); ?> <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> <html> <head> <title>U.O.T.S</title> <link rel="shortcut icon" href="images/style/favicon.gif"> <link href="external.css" rel="stylesheet" type="text/css"> </head> <body> <div id="header"> <table width = '989px' height = '430px'> <tr> <td align = 'left' valign = 'bottom' style = 'color:white; font-weight:800;'> <div style = 'background: url(images/css/bg-banner.png) repeat-y left bottom;'> <font size = '+3'>100% Free to play!</font><br> <font size = '+1'>Users online today: 0</font><br> <font size = '+1'>Top gang: N/A</font> </div> </td> </tr> </table> </div> <div id="content"> <table class = "loaded" width = "90%"><tr><td align = "center"> <? $error = ""; $back = "> <a href = 'login.php'><font color = 'red'>Back</font></a>"; $_POST['pass'] = htmlentities(stripslashes($_POST['pass'])); $_POST['username'] = htmlentities(stripslashes($_POST['username'])); if(!$_POST['username'] || !$_POST['pass']) { $error = "Please go back and fill in the form correctly.<br>".$back; } else { $sql = "SELECT `usr_id`,`usr_fed` FROM `usr_tbl` WHERE `usr_login` = '".mysql_real_escape_string($_POST['username'])."' AND `usr_pas` = '".mysql_real_escape_string(md5($_POST['pass']))."' LIMIT 1"; $sql = mysql_query($sql); if(!mysql_num_rows($sql)) { $error = "User not found! Please go back and try again.<br>".$back; } else { $user = mysql_fetch_array($sql); unset($_SESSION['feduser']); if($user['usr_fed'] > time()) { $_SESSION['feduser'] = $user['usr_id']; header('location:fedjail.php'); exit; } else { if($user['usr_fed']) { $sql = "UPDATE `usr_tbl` SET `usr_fed` = '0' WHERE `usr_id` = '".mysql_real_escape_string($user['usr_id'])."'"; mysql_query($sql); } } $_SESSION['myid'] = $user['usr_id']; $_SESSION['verified'] = 0; $sql = "UPDATE `usr_tbl` SET `usr_last_login` = '".mysql_real_escape_string(time())."', `usr_lastact` = '".mysql_real_escape_string(time())."' WHERE `usr_id` = '".mysql_real_escape_string($_SESSION['myid'])."'"; mysql_query($sql); $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '5'"; $rtoday = mysql_fetch_array(mysql_query($q_ry)); $rtoday = $rtoday['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-86400)." ORDER BY `usr_lastact` DESC"; $totoday = mysql_num_rows(mysql_query($q_ry)); if($totoday > $rtoday) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '5'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '6'"; $rhour = mysql_fetch_array(mysql_query($q_ry)); $rhour = $rhour['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-3600)." ORDER BY `usr_lastact` DESC"; $tothour = mysql_num_rows(mysql_query($q_ry)); if($tothour > $rhour) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '6'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '7'"; $rnow = mysql_fetch_array(mysql_query($q_ry)); $rnow = $rnow['setting_value']; $q_ry = "SELECT `usr_id`,`usr_lastact` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-900)." ORDER BY `usr_lastact` DESC"; $onl = mysql_num_rows(mysql_query($q_ry)); if($onl > $rnow) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '7'"; mysql_query($sql); } header('location:index.php'); } } if($error != '') { echo "<font color = 'red'><b>".$error."</b></font>"; } ?> </td></tr></table> </div> <div id="footer"> U.O.T.S is copyright © of IceColdCola netwroks 2012<?php if(date("Y")>'2012') { echo "-".date("Y"); } ?>, All rights reserved. </div> </body> </html> mysql_query($sql); $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '5'"; $rtoday = mysql_fetch_array(mysql_query($q_ry)); $rtoday = $rtoday['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-86400)." ORDER BY `usr_lastact` DESC"; $totoday = mysql_num_rows(mysql_query($q_ry)); if($totoday > $rtoday) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '5'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '6'"; $rhour = mysql_fetch_array(mysql_query($q_ry)); $rhour = $rhour['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-3600)." ORDER BY `usr_lastact` DESC"; $tothour = mysql_num_rows(mysql_query($q_ry)); if($tothour > $rhour) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '6'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '7'"; $rnow = mysql_fetch_array(mysql_query($q_ry)); $rnow = $rnow['setting_value']; $q_ry = "SELECT `usr_id`,`usr_lastact` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-900)." ORDER BY `usr_lastact` DESC"; $onl = mysql_num_rows(mysql_query($q_ry)); if($onl > $rnow) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '7'"; mysql_query($sql); } header('location:index.php'); } } if($error != '') { echo "<font color = 'red'><b>".$error."</b></font>"; } ?> </td></tr></table> </div> <div id="footer"> U.O.T.S is copyright © of IceColdCola netwroks 2012<?php if(date("Y")>'2012') { echo "-".date("Y"); } ?>, All rights reserved. </div> </body> </html> - - - Updated - - - [ATTACH=CONFIG]2192[/ATTACH] - - - Updated - - - So I login and takes me to this http://www.ripcity.x10host.com/login.php?page=authent OK that's where get that pic above and now if take that login.php?page=authent put index.php it takes me into the game Edited September 15, 2015 by KyleMassacre Added code tags Quote Link to comment Share on other sites More sharing options...
GrimReaper Posted September 15, 2015 Author Share Posted September 15, 2015 (edited) Now see that ?page=authent in login.php on Line 557 to line 558 I was told the authent page causing this think this in login.php - - - Updated - - - Here login.php file below: <?php session_start(); include('connect_db.php'); if($_SERVER['REMOTE_ADDR'] == '71.176.221.177') { exit; } ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>U.O.T.S - Login</title> <link rel="shortcut icon" href="images/style/favicon.gif"> <link href="external-2.css" rel="stylesheet" type="text/css"> <script type="text/javascript" src="js/jquery.js"></script> <script type="text/javascript" src="js/jquery-1.4.2.js"></script> <script type = 'text/javascript'> $(function() { $('#usern').bind('keyup focusout',function() { var val = $(this).val(); var load = 'reg_checks.php?a=username&string='+val; $.get(load, function(data) { $('#un_check').html(data); }); }); $('#passw').focusout(function() { var val = $(this).val(); var load = 'reg_checks.php?a=pass&string='+val; $.get(load, function(data) { $('#pw_check').html(data); }); }); $('#passwc').focusout(function() { var valb = $('#passw').val(); var valc = $(this).val(); if(valb) { if(valb == valc) { data = "<font color = '#33FF00'>Matching</font>"; } else { data = "<font color = 'red'>Not matching</font>"; } } else { data = "<font color = 'red'>Empty-0%</font>"; } $('#pw_checktwo').html(data); }); $('#email').focusout(function() { var val = $(this).val(); var load = 'reg_checks.php?a=email&string='+val; $.get(load, function(data) { $('#em_check').html(data); }); }); $('#captcha').keyup(function() { var val = $(this).val(); if(!val) { $('#cap_check').html("<font color = 'red'>Empty</font>"); } else { $('#cap_check').html(""); } }); }); </script> <meta name="description" content="Play University Of The Streets FREE - A live updating text based crime game. No download required and no plug in essential, Starts gangs, Smuggle and produce drugs, Commit crimes, Play the casino, Attack other players, Become a property broker, Buy and sell items and much much more!"> <meta name="keywords" content="TBRPG,MMORPG,University,Of,The,Streets,Com,Game,Gang,Drug,Gun,Violence,Crime,RPG,Free,Text,Based,Attack,Casino,Smuggle,u,o,t,s,UOTS,u.o.t.s" /> </head> <body> <center> <table border = '0' cellspacing = '0' width = '1038px' style = 'margin-top: 3px;'> <tr> <td style = 'height: 75px; background: url(images/css/login/banner-text.png) no-repeat left top;'> </td> </tr> <tr> <td align = 'right' valign = 'top'> <table style = 'height: 70px;' cellspacing = '0'> <tr> <td style = 'width: 28px; background: url(images/css/login/login-area-left.png) no-repeat right top;'> </td> <td style = 'background: url(images/css/login/login-area-x.jpg) repeat-x center top;'> <form action = 'login.php?page=authent' method = 'post'> <table width = '600px' style = 'color: #360000;'> <tr> <td align = 'left'> <b>Username:</b> </td> <td align = 'left'> <input type = 'text' name = 'username' value = '' style = 'background: #a8a8a8;'> </td> <td align = 'left'> <b>Password:</b> </td> <td align = 'left'> <input type = 'password' name = 'pass' value = '' style = 'background: #a8a8a8;'> </td> <td align = 'left'> <input type = 'submit' name = 'login' value = 'Login' style = 'background: #a8a8a8;'> </td> </tr> </table> </form> </td> <td style = 'width: 28px; background: url(images/css/login/login-area-right.png) no-repeat left top;'> </td> </tr> </table> </td> </tr> <tr> <td align = 'left' valign = 'bottom' style = 'height: 55px; background: rgba(64, 64, 64, 0);'> <table width = '100%' height = '35px' style = 'font-weight: 800; color: white;' border = '0'> <tr align = 'center'> <td width = '16%' style = 'background: url(images/css/login/login-buttons.png) no-repeat center center;'> • <a href = 'login.php?page=home' id = 'linkage'>Home page</a> </td> <td width = '16%' style = 'background: url(images/css/login/login-buttons.png) no-repeat center center;'> • <a href = 'login.php?page=register' id = 'linkage'>Register</a> </td> <td width = '16%' style = 'background: url(images/css/login/login-buttons.png) no-repeat center center;'> • <a href = 'login.php?page=forgotpass' id = 'linkage'>Forgot password</a> </td> <td width = '16%' style = 'background: url(images/css/login/login-buttons.png) no-repeat center center;'> • <a href = 'login.php?page=about' id = 'linkage'>About us</a> </td> <td width = '16%' style = 'background: url(images/css/login/login-buttons.png) no-repeat center center;'> • Contact us </td> <td width = '16%' style = 'background: url(images/css/login/login-buttons.png) no-repeat center center;'> • Screenshots </td> </tr> </table> </td> </tr> <tr> <td align = 'left' valign = 'top' style = 'height: 960px; background: url(images/css/login/page-bg.png) no-repeat center top;'> <div style = 'width: 675px; height: 445px; margin-top: 75px; margin-left: 70px; text-align: center; background: rgba(225,225,225,0.4);'> U.O.T.S is copyright © of IceColdCola networks 2012<?php if(date("Y")>'2012') { echo "-".date("Y"); } ?>, All rights reserved. <?php if(!in_array($_GET['page'],array('home','register','code','forgotpass','authent','about'))) { $_GET['page'] = 'home'; } if(!$_GET['page']) { $_GET['page'] = 'home'; } switch($_GET['page']) { case 'home' : home(); break; case 'register' : register(); break; case 'forgotpass' : forgot_pass(); break; case 'code' : code(); break; case 'authent' : authent(); break; case 'about' : about(); break; } ?> </div> </td> </tr> </table> </center> </body> </html> <?php function home() { echo "<h1>Welcome</h1> <center> <table width = '500px' style = 'background: rgba(225,225,225,0.7); border: solid 1px black;'> <tr> <td align = 'center' colspan = '3'> <i><b>Play University Of The Streets FREE - A live updating text based crime game. No download required and no plug in essential, start gangs, smuggle and produce drugs, commit crimes, play the casino, attack other players, become a property broker, buy and sell items, take part in a turf battle and much much more!</b></i> </td> </tr> <tr> <td align = 'right' width = '60%'> <h3><b>Users online today:</b></h3> </td> <td width = '10%'> </td> <td align = 'left'>"; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= '".(time()-86400)."'"; $totoday = mysql_num_rows(mysql_query($q_ry)); echo "<h3><b>".$totoday."</b></h3>"; echo "</td> </tr> <tr> <td align = 'center' colspan = '3'> <a href = 'login.php?page=register' style = 'color: #360000;'><h2><b>Register now!</b></h2></a> </td> </tr> </table>"; } function about() { echo "<h1>About Us</h1> <center> <table width = '500px' style = 'background: rgba(225,225,225,0.7); border: solid 1px black;'> <tr> <td align = 'center' colspan = '3'> <i><b>Play University Of The Streets FREE - A live updating text based crime game. No download required and no plug in essential, start gangs, smuggle and produce drugs, commit crimes, play the casino, attack other players, become a property broker, buy and sell items, take part in a turf battle and much much more!</b></i> </td> </tr> </table>"; } function register() { echo "<h1>Register</h1> <center>"; $_GET['ref'] = preg_replace('/[^0-9]/', '', $_GET['ref']); $_GET['code'] = preg_replace('/[^0-9A-Z]/', '', $_GET['code']); $game_url = 'http://'.$_SERVER['HTTP_HOST']; $referer = $game_url."/login.php"; $first_half = explode("?", $_SERVER['HTTP_REFERER']); if($first_half[0] == $referer) { if(!$_POST['usern']) { echo "<form action = 'login.php?page=register' method = 'post'> <table width = '500px' style = 'background: rgba(225,225,225,0.7); border: solid 1px black;'> <tr valign = 'bottom'> <td align = 'right' width = '125px'> Username: </td> <td width = '10px'> </td> <td align = 'left'> <input type = 'text' name = 'usern' id = 'usern'> </td> <td width = '150px'> <span id = 'un_check' style = 'font-weight: 800;'><small>0-9, A-Z, _ & - only.</small></span> </td> </tr> <tr valign = 'bottom'> <td align = 'right'> Password: </td> <td width = '10px'> </td> <td align = 'left'> <input type = 'password' name = 'passw' id = 'passw'> </td> <td width = '150px'> <span id = 'pw_check' style = 'font-weight: 800;'></span> </td> </tr> <tr valign = 'bottom'> <td align = 'right'> Repeat password: </td> <td width = '10px'> </td> <td align = 'left'> <input type = 'password' name = 'passwc' id = 'passwc'> </td> <td width = '150px'> <span id = 'pw_checktwo' style = 'font-weight: 800;'></span> </td> </tr> <tr valign = 'bottom'> <td align = 'right'> Gender: </td> <td width = '10px'> </td> <td align = 'left'> <select name = 'sex' style = 'width: 156px;'> <option value = 'male' SELECTED>Male</option> <option value = 'female'>Female</option> </select> </td> <td width = '150px'> </td> </tr> <tr valign = 'bottom'> <td align = 'right'> Email address: </td> <td width = '10px'> </td> <td align = 'left'> <input type = 'text' name = 'email' id = 'email'> </td> <td width = '150px'> <span id = 'em_check' style = 'font-weight: 800;'><small>Email will be verified.</small></span> </td> </tr> <tr valign = 'bottom'> <td align = 'right' valign = 'top'> Captcha: </td> <td width = '10px'> </td> <td align = 'left'> <input type = 'text' name = 'captcha' id = 'captcha'> <img src = 'captcha.php' width = '145px' height = '60px' style = 'margin-top: 6px; margin-left: -2px;'> </td> <td width = '150px'> <span id = 'cap_check' style = 'font-weight: 800;'><small>Captcha will be verified.</small></span> </td> </tr> <tr valign = 'bottom'> <td align = 'right'> </td> <td width = '10px'> </td> <td align = 'left'> </td> <td width = '150px'> <input type = 'submit' name = 'register' value = 'Register' id = 'linkage'> </td> </tr> </table> </form>"; } else { echo "<table width = '500px' style = 'background: rgba(225,225,225,0.7); border: solid 1px black;'> <tr> <td align = 'center'>"; $back = "<hr>><a href = 'login.php?page=register' style = 'font-weight: 800; cursor: pointer; color: black;'>Try again</a>"; $check_name = check_name(); if($check_name) { echo $check_name.$back; } else { $check_pass = check_pass(); if($check_pass) { echo $check_pass.$back; } else { $check_email = check_email(); if($check_email) { echo $check_email.$back; } else { $_POST['email'] = stripslashes($_POST['email']); $check_cap = check_cap(); if($check_cap) { echo $check_cap.$back; } else { $code = null; $chars = 'ABCDEFGHIJKLMOPQRSTUVXWYZ0123456789'; for($i = 1; $i<=30; $i++) { $rand = rand(0,strlen($chars)-1); $code.=substr($chars, $rand, 1); } $link = 'http://'.$_SERVER['HTTP_HOST']; $link.= '/login.php?page=code&code='.$code; $message = "Hello ".$_POST['usern'].",\n\n Your email address has been used to create an account at university-of-the-streets.com.\n If this was not you please ignore this email, Otherwise click the link below to activate your account.\n\n ".$link; if(!mail($_POST['email'], "Thank you for signing up to U.O.T.S", $message, "From: [email protected]")) { echo "There was an error with your email, Please try again.".$back; } else { $sex = preg_replace('/[^a-z]/', '', $_POST['sex']); if(!in_array($sex, array('male','female'))) { $sex = 'male'; } $usern = preg_replace('/[^0-9a-zA-Z-_]/', '', $_POST['usern']); $pass = $_POST['passw']; $email = strip_tags(stripslashes($_POST['email'])); $ip = $_SERVER['REMOTE_ADDR']; $ref = preg_replace('/[^0-9]/', '', $_GET['ref']); $ref = $ref ? $ref : 0; $sql = "INSERT INTO `tmp_users` VALUES('NULL', '".mysql_real_escape_string($usern)."', '".mysql_real_escape_string(md5($pass))."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($sex)."', '".mysql_real_escape_string(time())."', '".mysql_real_escape_string($ip)."', '".mysql_real_escape_string($ref)."', '".mysql_real_escape_string($code)."')"; mysql_query($sql); echo "Thank you for signing up!<br><br> We have sent an email to you<br> You can activate your account here."; } } } } } echo "</td> </tr> </table>"; } } } function forgot_pass() { echo "<h1>Forgot password</h1>"; $_GET['code'] = preg_replace('/[^0-9A-Z]/', '', $_GET['code']); $game_url = 'http://'.$_SERVER['HTTP_HOST']; $referer = $game_url."/login.php"; $first_half = explode("?", $_SERVER['HTTP_REFERER']); if($first_half[0] == $referer) { $_POST['email'] = strip_tags(stripslashes($_POST['email'])); echo "<center> <table width = '500px' style = 'background: rgba(225,225,225,0.7); border: solid 1px black;'> <tr> <td align = 'center'>"; if(!$_POST['email']) { echo "Please enter the email address you used to sign up for the account to recover your password.<br><br> <form action = 'login.php?page=forgotpass' method = 'post'> <table width = '100%'> <tr> <td align = 'right'> <b>Email address:</b> <input type = 'text' name = 'email'> </td> </tr> <tr> <td align = 'right'> <input type = 'submit' name = 'continue' value = 'Continue' id = 'linkage'> </td> </tr> </table> </form>"; } else { $sql = "SELECT `usr_id`,`usr_nme` FROM `usr_tbl` WHERE `usr_email` = '".mysql_real_escape_string($_POST['email'])."'"; $sql = mysql_query($sql); if(!mysql_num_rows($sql)) { echo "The account linked the email address \"".$_POST['email']."\"was not found!"; } else { $u = mysql_fetch_array($sql); $temppass = null; $chars = 'ABCDEFGHIJKLMOPQRSTUVXWYZ0123456789'; for($i = 1; $i<=8; $i++) { $rand = rand(0,strlen($chars)-1); $temppass.=substr($chars, $rand, 1); } $sql = "UPDATE `usr_tbl` SET `usr_pas` = '".mysql_real_escape_string(md5($temppass))."' WHERE `usr_id` = '".mysql_real_escape_string($u['usr_id'])."'"; mysql_query($sql); $message = "Hello ".$u['usr_nme'].",\n\n We have sent you a new password as requested.\n This password should be changed as soon as you login to something you will remember.\n\n ".$temppass; mail($_POST['email'], "Password recovery - U.O.T.S", $message, "From: [email protected]"); echo "An email with a new password has been sent to you<br>Remember to check junk if it does not appear in your inbox!"; } echo "<hr> ><a href = 'login.php?page=forgotpass' id = 'linkage' style = 'color: black;'>Back</a> <hr>"; } echo "</td> </tr> </table>"; } } function code() { echo "<h1>Confirm email</h1>"; $_GET['code'] = preg_replace('/[^0-9A-Z]/', '', $_GET['code']); echo "<center> <table width = '500px' style = 'background: rgba(225,225,225,0.7); border: solid 1px black;'> <tr> <td align = 'center'>"; if(!$_GET['code']) { echo "Invalid registration code!"; } else { $sql = "SELECT * FROM `tmp_users` WHERE `code` = '".mysql_real_escape_string($_GET['code'])."'"; $sql = mysql_query($sql); if(!mysql_num_rows($sql)) { echo "Invalid registration code!"; } else { $u = mysql_fetch_array($sql); $sql = "INSERT INTO `usr_tbl` (`usr_nme`,`usr_login`,`usr_pas`,`usr_email`, `usr_sex`,`usr_sign_date`,`usr_sign_ip`) VALUES ('".mysql_real_escape_string($u['tmp_uname'])."', '".mysql_real_escape_string($u['tmp_uname'])."', '".mysql_real_escape_string($u['tmp_pass'])."', '".mysql_real_escape_string($u['tmp_email'])."', '".mysql_real_escape_string($u['tmp_sex'])."', '".mysql_real_escape_string($u['tmp_date'])."', '".mysql_real_escape_string($u['tmp_ip'])."')"; mysql_query($sql); $user_id = mysql_insert_id(); $sql = "INSERT INTO `usr_stats` (`usr_id`) VALUES ('".mysql_real_escape_string($user_id)."')"; mysql_query($sql); $sql = "INSERT INTO `usr_equipped` (`e_userid`) VALUES ('".mysql_real_escape_string($user_id)."')"; mysql_query($sql); $inbox = "Hello ".$u['tmp_uname'].", Welcome to crystal city, Today i will explain your first lessons on becoming a gangster on these streets, Up in the top right you have your missions tab, Click the missions tab and complete the steps i have set for this mission, At the end you will receive a small but worthy reward. If you have any problems don't hesitate to ask a member of staff for help. Staff can be found under the staff link in the city."; inbox_msg($user_id, 3, 'Welcome', $inbox); if($u['tmp_ref']) { $sql = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_id` = '".mysql_real_escape_string($u['tmp_ref'])."'"; $sql = mysql_query($sql); if(mysql_num_rows($sql)) { $sql = "INSERT INTO `referers` VALUES ('NULL', '".mysql_real_escape_string($u['tmp_ref'])."', '".mysql_real_escape_string($user_id)."')"; mysql_query($sql); $sql = "UPDATE `usr_tbl` SET `usr_referals` = `usr_referals` + '1' WHERE `usr_id` = '".mysql_real_escape_string($u['tmp_ref'])."'"; mysql_query($sql); $msg = "Thank you for referring ".$u['tmp_uname']."[".$user_id."]!"; in_event($u['tmp_ref'], $msg); } } echo "Thank you for signing up ".$u['tmp_uname']."[".$user_id."]!<br><br> You may now login<br><br> Enjoy!"; $sql = "DELETE FROM `tmp_users` WHERE `tmp_id` = '".mysql_real_escape_string($u['tmp_id'])."'"; mysql_query($sql); } } echo "</td> </tr> </table>"; } function authent() { echo "<h1>Authentication</h1>"; $error = ""; $back = "> <a href = 'login.php'><font color = 'red'>Back</font></a>"; $_POST['pass'] = htmlentities(stripslashes($_POST['pass'])); $_POST['username'] = htmlentities(stripslashes($_POST['username'])); if(!$_POST['username'] || !$_POST['pass']) { $error = "Please go back and fill in the form correctly.<br>".$back; } else { $sql = "SELECT `usr_id`,`usr_fed` FROM `usr_tbl` WHERE `usr_login` = '".mysql_real_escape_string($_POST['username'])."' AND `usr_pas` = '".mysql_real_escape_string(md5($_POST['pass']))."' LIMIT 1"; $sql = mysql_query($sql); if(!mysql_num_rows($sql)) { $error = "User not found! Please go back and try again.<br>".$back; } else { $user = mysql_fetch_array($sql); unset($_SESSION['feduser']); if($user['usr_fed'] > time()) { $_SESSION['feduser'] = $user['usr_id']; header('location:fedjail.php'); exit; } else { if($user['usr_fed']) { $sql = "UPDATE `usr_tbl` SET `usr_fed` = '0' WHERE `usr_id` = '".mysql_real_escape_string($user['usr_id'])."'"; mysql_query($sql); } } $_SESSION['myid'] = $user['usr_id']; $_SESSION['verified'] = 0; $sql = "UPDATE `usr_tbl` SET `usr_last_login` = '".mysql_real_escape_string(time())."', `usr_lastact` = '".mysql_real_escape_string(time())."' WHERE `usr_id` = '".mysql_real_escape_string($_SESSION['myid'])."'"; mysql_query($sql); $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '5'"; $rtoday = mysql_fetch_array(mysql_query($q_ry)); $rtoday = $rtoday['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-86400)." ORDER BY `usr_lastact` DESC"; $totoday = mysql_num_rows(mysql_query($q_ry)); if($totoday > $rtoday) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '5'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '6'"; $rhour = mysql_fetch_array(mysql_query($q_ry)); $rhour = $rhour['setting_value']; $q_ry = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-3600)." ORDER BY `usr_lastact` DESC"; $tothour = mysql_num_rows(mysql_query($q_ry)); if($tothour > $rhour) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '6'"; mysql_query($sql); } $q_ry = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '7'"; $rnow = mysql_fetch_array(mysql_query($q_ry)); $rnow = $rnow['setting_value']; $q_ry = "SELECT `usr_id`,`usr_lastact` FROM `usr_tbl` WHERE `usr_lastact` >= ".(time()-900)." ORDER BY `usr_lastact` DESC"; $onl = mysql_num_rows(mysql_query($q_ry)); if($onl > $rnow) { $sql = "UPDATE `game_set` SET `setting_value` = `setting_value` + '1' WHERE `setting_id` = '7'"; mysql_query($sql); } header('location:index.php'); } } if($error != '') { echo "<font color = 'red'><b>".$error."</b></font>"; } } function add_live($id, $function) { $sql = "SELECT `usr_live` FROM `usr_tbl` WHERE `usr_id` = '".mysql_real_escape_string($id)."'"; $live = mysql_fetch_array(mysql_query($sql)); $live = $live['usr_live']; $live.= $function; $sql = "UPDATE `usr_tbl` SET `usr_live` = '".mysql_real_escape_string($live)."' WHERE `usr_id` = '".mysql_real_escape_string($id)."'"; mysql_query($sql); } function inbox_msg($user, $from, $subj, $mesg) { $sql = "INSERT INTO `usr_msgs` VALUES('NULL', '".mysql_real_escape_string($user)."', '".mysql_real_escape_string($from)."', '".time()."', '".mysql_real_escape_string($subj)."', '".mysql_real_escape_string($mesg)."', 'no')"; mysql_query($sql); add_live($user, "add_msg();"); } function in_event($player, $text) { $text = stripslashes($text); mysql_query("INSERT INTO `usr_events` VALUES('NULL', '".mysql_real_escape_string($player)."', '".time()."', '".mysql_real_escape_string($text)."', 'no')"); add_live($player, "add_event();"); } function check_name() { $username = $_POST['usern']; if(!$username) { return "Username cannot be empty."; } else { if(preg_match('/[^0-9a-zA-Z-_]/', $username)) { return "Invalid characters detected in your username!"; } else { $username = preg_replace('/[^0-9a-zA-Z-_]/', '', $username); if(strlen($username) < '3') { return "Your username is too short!"; } else { if(strlen($username) > '21') { return "Your username is too long."; } else { $sql1 = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_nme` = '".mysql_real_escape_string($username)."' || `usr_login` = '".mysql_real_escape_string($username)."'"; $sql1 = mysql_query($sql1); $sql2 = "SELECT `tmp_id` FROM `tmp_users` WHERE `tmp_uname` = '".mysql_real_escape_string($username)."'"; $sql2 = mysql_query($sql2); if(mysql_num_rows($sql1) || mysql_num_rows($sql2)) { return "This username is already in use."; } else { return 0; } } } } } } function check_pass() { $pass = $_POST['passw']; $passtwo = $_POST['passwc']; if(!$pass || !$passtwo) { return "Password does not match."; } else { if($pass != $passtwo) { return "Password does not match."; } else { return 0; } } } function check_email() { $_POST['email'] = strip_tags(stripslashes($_POST['email'])); if(!$_POST['email']) { return "Email address cannot be empty."; } else { $email = explode("@", $_POST['email']); $check_for_the_dot = explode(".", $email[1]); if(substr_count($_POST['email'], "@") > '1') { return "Invalid email address."; } else { if(!$check_for_the_dot[1]) { return "Invalid email address."; } else { $sql = "SELECT `setting_value` FROM `game_set` WHERE `setting_id` = '4'"; $bad_url = mysql_fetch_array(mysql_query($sql)); $bad_url = explode(",", $bad_url['setting_value']); if(in_array($email[1], $bad_url)) { return "Disposable email addresses cannot be used."; } else { if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { return "Invalid email address."; } else { $sql = "SELECT `usr_id` FROM `usr_tbl` WHERE `usr_email` = '".mysql_real_escape_string($_POST['email'])."'"; $sql = mysql_query($sql); $sql2 = "SELECT `tmp_id` FROM `tmp_users` WHERE `tmp_email` = '".mysql_real_escape_string($_POST['email'])."'"; $sql2 = mysql_query($sql2); if(mysql_num_rows($sql) || mysql_num_rows($sql2)) { return "Email address exists."; } else { return 0; } } } } } } } function check_cap() { $cap = $_POST['captcha']; if(!$cap) { return "Captcha cannot be empty."; } else { if($cap != $_SESSION['cap_code']) { return "Captcha did not match."; } else { return 0; } } } ?> Edited September 15, 2015 by KyleMassacre More code tags Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted September 15, 2015 Share Posted September 15, 2015 [MENTION=71784]GrimReaper[/MENTION]: please use code tags Quote Link to comment Share on other sites More sharing options...
GrimReaper Posted September 15, 2015 Author Share Posted September 15, 2015 OK I'm sorry Kyle I'm new here. How do you do that and my apologies. Quote Link to comment Share on other sites More sharing options...
GrimReaper Posted September 15, 2015 Author Share Posted September 15, 2015 I figured it out. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.