Register Page (Email-Referral-Birthday-Capatcha)

[xPrend]

Never use addslashes, it's evil ^_^

In combinations with mysql escape not o.0 but in combination with it it's just useless

@choseal
you should realy try to inject em it's so funny runnign around with a [gm] name give myself acceslevel 300 just to funny for words everybody is like wtf!
Well his code is very messy but you only need real escape no need to double do so you can basicly delete em

i'm wondering why nobody released an Complete register page?
Full secure OOP scripted (Nope i'm not gone make this becaus nobody give respect these days example: viewtopic.php?f=28&t=3889)

[Jorn369]

Never use addslashes, it's evil ^_^

There is an other way then ?

[lmame]

mysql_real_escape_string.

[Choseal]

Never use addslashes, it's evil ^_^

There is an other way then ?

We've told you a couple of times now.

And Xprend, I've tried injections once, on a certain high-ranked server, it gave me some weird results, like:

"Congratulations Choseal"] SET accesslevel = 500 WHERE accountname = Choseal //

Your account has been created!"

-or something along those lines.

[xPrend]

Never use addslashes, it's evil ^_^

There is an other way then ?

We've told you a couple of times now.

And Xprend, I've tried injections once, on a certain high-ranked server, it gave me some weird results, like:

"Congratulations Choseal"] SET accesslevel = 500 WHERE accountname = Choseal //

Your account has been created!"

-or something along those lines.

Not sure xD abouth this one just check out xD (anyway Evil! )

[naruto7]

i see 1 problem with this code
their is nothing telling it where the database is located like i have my website on 1 server but my database for the game is located on another computer so it needs to know where its sending the account info to so it can be stored in the table

[Mark]

i see 1 problem with this code
their is nothing telling it where the database is located like i have my website on 1 server but my database for the game is located on another computer so it needs to know where its sending the account info to so it can be stored in the table

Wow talk about a Necro Post or what

Anyways, the parts in red are the parts that connect to the database, an existing sql connection would already be in place from the very 1st page ( index.php)

Line number On/Off | Expand/Contract | Select all

1. <?php
2. if(isset($_POST['submit'])) {
3. if(!$_POST['user'] || !$_POST['pass1'] || !$_POST['pass2']) {
4. die('You must fill in all of the feilds!!!<BR>');
5. }
6. if(!get_magic_quotes_gpc()) {
7. $user = addslashes($_POST['user']);
8. $pass = md5($_POST['pass1']);
9. $email= $_POST['email'];
10. } else {
11. $user = $_POST['user'];
12. $pass = md5($_POST['pass1']);
13. $email= $_POST['email'];
14. }
15. $pass2 = md5($_POST['pass2']);
16. $user2 = mysql_real_escape_string($user);
17. $check = mysql_query("SELECT * FROM accounts WHERE username = '$user2'");
18. $check2 = mysql_num_rows($check);
19. if($check2 != '0') {
20. die("Username: '".$user."' is in use!");
21. }
22. if($pass != $pass2) {
23. die('Passwords dont match!');
24. }
25. $email2 = mysql_real_escape_string($email);
26. $check3 = mysql_query("SELECT * FROM accounts WHERE email = '$email2'");
27. $check4 = mysql_num_rows($check3);
28. if($check4 != '0') {
29. die("Email-Adress: '".$email."' is in use!");
30. }
31. $pass3 = mysql_real_escape_string($pass);
32. $ref2 = mysql_real_escape_string($ref);
33. $insert_member = mysql_query("INSERT INTO accounts (username, password, email, ref) VALUES ('$user2', '$pass3', '$email2', '$ref2' '1')");
34. if($insert_member) {
35. echo("<p class='b01'>Registration Complete! <a href=?op=home>Click here</a>");
36. } else {
37. echo("<p class='b01'>Registration Failed!</p>");
38. }}
39. ?>

Obviously if there any tables missing or required in the sql table itself, then simply add them in so that the script can "dump" the info it needs to into the right place's.

Also I think the line highlighted in blue:

Line number On/Off | Expand/Contract | Select all

1. $user =addslashes($_POST['user']);

Should be like this maybe:

Line number On/Off | Expand/Contract | Select all

1. $user = mysql_real_escape_string($_POST['user']);

[naruto7]

i was refering to connection info for it like
user:
pass:
database:
Host:

[xadet3]

There's a dangerous precedent I've been noticing lately since the community died a fair bit, people are expecting things done for them constantly, usually for quite easy things to find out too, you need to learn for yourselves. It's looking to me as if once every knowledgeable person moves on from ROSE, this community will be royally screwed.

If you look at the PHP docs you'll find every thing you need to answer your question, instantly.

[Mark]

+1 Xadet, I'm getting fed up of having to answer the most basic of things which can be found out, not only through searching on these forums but a simple google search on "how to connect to an sql database using php" would suffice. I mean Common sense does not seem to be prevailing here at all, and yeah like you say, ultimately when the ROSE community becomes Ancient news and is almost gone, anyone searching for knowledge on what to do or how to do it, wont be able to access this on a 1 to 1 communication basis.

I mean fair enough iv'e had my own questions and yeah they may have been basic, but after lots of reading and studying not only forum posts here but using readily available web tools that anyone can access, iv'e learned so much and whats even better is the learning never stops.