james20020
Forum Newbie
Posts: 2 Joined: Mon Dec 16, 2013 12:16 pm
by james20020 » Mon Dec 16, 2013 12:18 pm
Hi, I have a problem with my script: I am trying to hash the password with MD5 and a salt (var(32)), but I keep trying and I can't get it to work.
Here is my code. Could someone fix it? Thanks.
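<?php
/*
 * Account registration page (included script; the top-level `return`s hand
 * control back to the including file).
 *
 * Relies on names defined outside this listing: $dbhost, $dbuser, $dbpass,
 * $dbaccs, $multi_ip, show_error(), locked_error() and is_valid_email().
 *
 * Changes against the posted version:
 *  - Every request value is escaped with mysql_real_escape_string() before it
 *    is placed inside a quoted SQL literal. The posted version interpolated
 *    $_POST directly, so a quote in any field changed the query.
 *  - Form fields that are missing or not strings (e.g. accname[]=x) are
 *    treated as empty instead of being interpolated as "Array".
 *  - The password confirmation uses !== so numeric-looking strings such as
 *    "1e3" and "1000" are no longer considered equal.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Escaping is a
 * stop-gap; prepared statements via mysqli or PDO are the durable fix.
 * NOTE(review): mysql_real_escape_string() is only reliable when the
 * connection character set is set with mysql_set_charset(); no such call is
 * visible in this listing - confirm in the including file.
 */

$dbcon = @mysql_connect($dbhost, $dbuser, $dbpass);
if (!$dbcon) {
    // NOTE(review): mysql_error() text is passed to show_error(); if that
    // helper prints it, connection details reach the visitor. Prefer logging
    // the detail and showing a generic message.
    return show_error(mysql_error());
}

$dba = @mysql_select_db($dbaccs, $dbcon);
if (!$dba) {
    return show_error(mysql_error());
}

$ip = $_SERVER['REMOTE_ADDR'];

if ($multi_ip != 1) {
    // REMOTE_ADDR is set by the web server, but it is escaped like every
    // other value so no query in this file is built from raw input.
    $ipSql = mysql_real_escape_string($ip, $dbcon);
    $query = @mysql_query("SELECT * FROM account_data WHERE lastip = '$ipSql'") or die(mysql_error());
    if (mysql_num_rows($query) != 0) {
        return locked_error("You have already used this IP before to register an account.");
    }
}

echo '<div id="acc">
<h2 align="center">Create an Account</h2><br /><form method="post">Account Name<br /><input type="text" name="accname" /><br /><br />Account Password<br /><input type="password" name="pword" /><br /><br />Retype your Password<br /><input type="password" name="pwordtwo" /><br /><br />E-mail Address (Use a valid E-mail)<br /><input type="text" name="accmail" /><br /><br /><input type="submit" value="" name="submit" /></form>
</div>';

if (isset($_POST['submit'])) {
    // Normalise the four expected fields: anything absent or non-string
    // becomes '' and is rejected by the empty-field check below.
    $form = array();
    foreach (array('accname', 'pword', 'pwordtwo', 'accmail') as $field) {
        $form[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    if (empty($form['accname']) || empty($form['pword']) || empty($form['pwordtwo']) || empty($form['accmail'])) {
        return show_error("Some fields were empty, please fill in all fields.");
    }
    if ($form['pwordtwo'] !== $form['pword']) {
        return show_error("Your passwords did not match.");
    }
    if (!is_valid_email($form['accmail'])) {
        return show_error("You must use a valid email");
    }

    // Escape once, immediately before use in SQL; the raw values are not
    // used in any query below.
    $accnameSql = mysql_real_escape_string($form['accname'], $dbcon);
    $accmailSql = mysql_real_escape_string($form['accmail'], $dbcon);
    $pwordSql   = mysql_real_escape_string($form['pword'], $dbcon);

    // NOTE(review): `or die(mysql_error())` prints the database error to the
    // visitor, which can disclose table and column names. Log it server-side
    // and show a generic failure message instead.
    $query1 = @mysql_query("SELECT * FROM account_data WHERE username = '$accnameSql'") or die(mysql_error());
    if (mysql_num_rows($query1) != 0) {
        return show_error("Username already exists in our database.");
    }

    $query2 = @mysql_query("SELECT * FROM account_data WHERE email = '$accmailSql'") or die(mysql_error());
    if (mysql_num_rows($query2) != 0) {
        return show_error("E-mail already exists in our database.");
    }

    // NOTE(review): the password is stored exactly as submitted (plaintext)
    // and regtime is a fixed literal, as in the posted version. The stored
    // format is left unchanged here because whatever reads account_data
    // must agree with it; where that reader can be changed, store
    // password_hash() output and check it with password_verify().
    // NOTE(review): the two SELECTs above and this INSERT are separate
    // statements, so uniqueness is only guaranteed if account_data has
    // unique indexes on username and email - confirm against the schema.
    $query3 = mysql_query("INSERT INTO account_data SET username = '$accnameSql', password = '$pwordSql', isgm = '0', regtime = '385086', email = '$accmailSql', isactive = '1'") or die(mysql_error());
    if (mysql_affected_rows($dbcon) <= 0) {
        return show_error("Something went wrong, please try again. Account was not created!");
    }

    echo '<div class="success"><span style="padding-left:35px;">Account successfully created!</span> <div class="s-img"></div></div><br />';
}
?>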
Last edited by
requinix on Mon Dec 16, 2013 12:44 pm, edited 1 time in total.
Reason: please use [syntax] tags when posting code
james20020
Forum Newbie
Posts: 2 Joined: Mon Dec 16, 2013 12:16 pm
by james20020 » Mon Dec 16, 2013 8:09 pm
this is the original code
// Registration handler: compares a session security code with the posted one,
// validates the posted fields, then inserts a row into account_data whose
// password column holds an MD5 digest of the password plus a time-derived suffix.
// NOTE(review): the mysql_* extension used below was removed in PHP 7.0; a port
// to mysqli or PDO with prepared statements also removes the hand-built SQL.
session_start();
// The posted code must equal the session code and the session code must be
// non-empty. NOTE(review): `==` is a loose comparison; `===` on two strings
// avoids numeric-string coercion.
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
// Insert you code for processing the form here, e.g emailing the submission, entering it into a database.
// NOTE(review): $_POST['message'] is written into the page without HTML
// escaping; wrap it in htmlspecialchars() before output.
echo 'Thank you."'.$_POST['message'].'"';
// The script stops silently when the "email" field is non-empty; the real
// addresses are read from aabf1/aabf2 below, so this is presumably a
// honeypot field for bots - confirm against the form.
$fake = addslashes ($_POST["email"]);
if ($fake) die;
// strlen() counts bytes, so the 16 limit is in bytes, not characters.
if ((strlen ($_POST["username"]) > 16) || (strlen ($_POST["password1"]) > 16))
die ("Username or password is too long. (16 char max)");
// NOTE(review): addslashes() is not aware of the connection character set and
// is not the escaping function of this extension; mysql_real_escape_string()
// (or, better, bound parameters) is the appropriate way to protect the queries.
$username = addslashes ($_POST["username"]);
// $pw is assigned here but not read anywhere in this listing.
$pw = $_POST["password1"];
$password1 = $_POST["password1"];
$password2 = $_POST["password2"];
// Username and both passwords are lower-cased, so the stored digest is of the
// lower-case password: passwords are effectively case-insensitive.
$username = strtolower ($username);
$password1 = strtolower ($password1);
$password2 = strtolower ($password2);
$email1 = addslashes ($_POST["aabf1"]);
$email2 = addslashes ($_POST["aabf2"]);
if (!$username) die ("No desired account ID specified.");
if (!$password1) die ("No password specified.");
// NOTE(review): `!=` compares loosely; numeric-looking strings such as "1e3"
// and "1000" compare equal. Use `!==` for the confirmation checks.
if ($password1 != $password2) die ("Input passwords do not match.");
if ($email1 != $email2) die ("Input emails do not match.");
// Despite the name, this is the current Unix time divided by 3600 and
// rounded, i.e. a count of hours. It is used both as the password suffix
// and as the regtime column value in the INSERT below.
$reg_seconds = round(time() / 3600);
// Digest input becomes "<lower-case password>_<hours>_salt". Accounts created
// within the same hour get the same suffix, and the suffix is stored in the
// same row as the digest.
$password1 .= "_" . $reg_seconds . "_salt";
// The suffixed password is passed through addslashes() BEFORE md5() is applied
// further down, so a password containing a quote or backslash is digested in
// its escaped form; any code verifying the digest must apply the same steps.
$password1 = addslashes($password1);
// NOTE(review): host, user and password are hard-coded literals and `@`
// hides connection warnings; keep credentials in configuration outside
// the web root.
if (!$db = @mysql_connect ("localhost", "database_pso", "password") )
die ("Can't connect to MySQL.");
if (!@mysql_select_db ("pso", $db))
die ("Can't select PSO database.");
// Query text is assembled by string concatenation; its safety rests entirely
// on the addslashes() call above.
$sql = "SELECT * from account_data WHERE username='" . $username . "'";
$result = mysql_query ($sql, $db);
if (!$result) die ("Unable to query database.");
// Any returned row means the name is taken. NOTE(review): this check and the
// INSERT are separate statements; uniqueness under concurrent requests needs
// a unique index on username - confirm against the schema.
if ($myrow = mysql_fetch_array($result))
die ("Account name is already taken.");
// MD5 produces a 32-character hex digest. NOTE(review): MD5 is a fast hash
// and unsuited to password storage; where the code that checks logins can be
// changed, use password_hash()/password_verify() instead.
$password1 = md5 ($password1);
$sql = "INSERT into account_data (username,password,email,regtime,isgm,isactive) "
. "VALUES ('". $username . "', '" . $password1 . "', '" . $email1 . "', '" . $reg_seconds . "', '0', '1')";
$result = mysql_query ($sql, $db);
if (!$result) die ("Unable to add account into database.");
// Clearing the session value makes each security code usable once.
unset($_SESSION['security_code']);
} else {
// Insert your code for showing an error message here
echo 'Sorry, you have provided an invalid security code ';
}
// NOTE(review): the closing brace after the next two lines has no opener in
// this listing, so the enclosing structure is not visible. As posted, these
// lines follow the if/else rather than sitting inside the success branch -
// confirm they cannot run after a failed security-code check.
// NOTE(review): $username is echoed without HTML escaping (addslashes() does
// not neutralise markup); apply htmlspecialchars() on output.
$gcnum = mysql_insert_id();
echo "Account " . $username ." was successfully created!<br><br>\r\nYour new guild card # is " . $gcnum;
}
?>
Christopher
Site Administrator
Posts: 13596 Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US
by Christopher » Tue Dec 17, 2013 7:39 pm
Which lines are not working? There appear to be lots of problems. And, the code uses the old MySQL library and is very insecure.
(#10850)