- <?php
- if(isset($_POST['submit'])) {
- if(!$_POST['user'] || !$_POST['pass1'] || !$_POST['pass2']) {
- die('You must fill in all of the feilds!!!<BR>');
- }
- if(!get_magic_quotes_gpc()) {
- $user = addslashes($_POST['user']);
- $pass = md5($_POST['pass1']);
- $email= $_POST['email'];
- } else {
- $user = $_POST['user'];
- $pass = md5($_POST['pass1']);
- $email= $_POST['email'];
- }
- $pass2 = md5($_POST['pass2']);
- $user2 = mysql_real_escape_string($user);
- $check = mysql_query("SELECT * FROM accounts WHERE username = '$user2'");
- $check2 = mysql_num_rows($check);
- if($check2 != '0') {
- die("Username: '".$user."' is in use!");
- }
- if($pass != $pass2) {
- die('Passwords dont match!');
- }
- $email2 = mysql_real_escape_string($email);
- $check3 = mysql_query("SELECT * FROM accounts WHERE email = '$email2'");
- $check4 = mysql_num_rows($check3);
- if($check4 != '0') {
- die("Email-Adress: '".$email."' is in use!");
- }
- $pass3 = mysql_real_escape_string($pass);
- $ref2 = mysql_real_escape_string($ref);
- $insert_member = mysql_query("INSERT INTO accounts (username, password, email, ref) VALUES ('$user2', '$pass3', '$email2', '$ref2' '1')");
- if($insert_member) {
- echo("<p class='b01'>Registration Complete! <a href=?op=home>Click here</a>");
- } else {
- echo("<p class='b01'>Registration Failed!</p>");
- }}
- ?>
lmame wrote:Never use addslashes, it's evil ^_^
In combinations with mysql escape not o.0 but in combination with it it's just useless
@choseal
you should realy try to inject em it's so funny runnign around with a [gm] name give myself acceslevel 300 just to funny for words everybody is like wtf!
Well his code is very messy but you only need real escape no need to double do so you can basicly delete em
i'm wondering why nobody released an Complete register page?
Full secure OOP scripted (Nope i'm not gone make this becaus nobody give respect these days example: viewtopic.php?f=28&t=3889)