- <!DOCTYPE html>
- <html lang="pl">
- <head>
- <title>Avergos.com </title>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <link rel="stylesheet" type="text/css" href="css/front.css">
- <link rel="stylesheet" type="text/css" href="css/style.css">
- </head>
- <body>
- <div id="page">
- <a id="header" href="/"></a>
- <div id="bg">
- <div class="wood"></div>
- <div class="planks"></div>
- </div>
- <div id="content">
- <center>
- <div id="center">
- <div class="content">
- <p align="center">
- </br>
- <?php
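/**
 * Reject a registration field unless it is a non-empty, strictly
 * alphanumeric string that contains none of the denylisted words
 * (case-insensitive substring match). On rejection the client is
 * redirected to index.php and the script exits; on success nothing
 * happens and the caller continues.
 *
 * NOTE(review): this word list is not what protects the queries in this
 * file -- they are parameterised with odbc_prepare()/odbc_execute(), which
 * is the real defence. What the list does do is forbid usernames AND
 * passwords that merely contain "and", "set", "top", "char", "var", ...,
 * which shrinks the password space for no security gain. Consider dropping
 * the list and keeping only the character-class rule.
 *
 * @param string $str Raw field value from the request.
 * @return void
 */
function checkItem($str)
{
    $str = strtolower($str);

    // Character-class rule first: it does not depend on the loop variable, so
    // it only needs to run once. ctype_alnum('') is false, so an empty value
    // is rejected here as well. The old addslashes() call was dropped: every
    // character it escapes (quote, backslash, NUL) is already non-alphanumeric
    // and fails this test, so behaviour is unchanged.
    if (!ctype_alnum($str)) {
        header('location: index.php');
        exit();
    }

    // '=' and '*' can never match after the check above; kept for parity
    // with the original list.
    $ddnstr = array('drop', 'union', 'select', 'exec', 'xp', 'var', 'set', 'update', 'where', 'and', '=', 'truncate', 'table', '*', 'top', 'null', 'delay', 'sleep', 'waitfor', 'from', 'execute', 'account', 'char', 'item', 'cash');
    foreach ($ddnstr as $singlestr) {
        // Bug fix: strpos() returns 0 for a match at the start of the string and
        // the original `!= false` test treated 0 as "not found", so e.g.
        // "dropzone" or "selectx" slipped past the filter. Compare with !==.
        if (strpos($str, $singlestr) !== false) {
            header('location: index.php');
            exit();
        }
    }
}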
# DATABASE
# NOTE(review): database host, login and password are hard-coded in a
# web-served source file (and this file has been pasted publicly), so the
# credential must be treated as compromised: rotate it and move all three
# values into environment variables or a config file outside the web root.
# The login is SQL Server's 'sa' (sysadmin) account, far more privilege than
# the SELECT/INSERT on two tables this page needs -- use a dedicated
# least-privilege login scoped to TGLOBAL_GSP.
$dbHost = '185.223.28.142';
$dbUser = 'sa';
$dbPass = '9dOp281smfn';
# CONNECT
# The '@' suppresses the driver warning; on failure die() echoes the raw ODBC
# error text (driver/host details) to the visitor. NOTE(review): log it
# server-side and show a generic message instead. No Database= is given in
# the connection string; every query below uses a three-part name.
$connection = @odbc_connect("Driver={ODBC Driver 17 for SQL Server};Server=$dbHost;", $dbUser, $dbPass) or die(odbc_errormsg());
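if(isset($_POST['reg']))
{
    // Registration handler: validates the posted fields, inserts the account
    // and a 4-digit PIN, and echoes the PIN to the user once.
    //
    // NOTE(review): the form below renders a reCAPTCHA widget, but nothing in
    // this handler verifies $_POST['g-recaptcha-response'] against Google's
    // siteverify endpoint, so the captcha does not stop automated sign-ups.
    // There is no CSRF token either. Both need server-side work that cannot
    // be completed from this file alone (the reCAPTCHA secret key is not here).
    $username  = isset($_POST['username'])  ? trim($_POST['username'])  : '';
    $password  = isset($_POST['password'])  ? trim($_POST['password'])  : '';
    $password2 = isset($_POST['password2']) ? trim($_POST['password2']) : '';
    $email     = isset($_POST['email'])     ? trim($_POST['email'])     : '';

    // checkItem() redirects to index.php and exits for any value that is not
    // strictly alphanumeric -- including the empty string -- so the empty()
    // branches further down are only reachable if checkItem() changes.
    checkItem($username);
    checkItem($password);
    checkItem($password2);

    // The form asks the user to accept the game rules; enforce it here instead
    // of trusting the browser to have required the checkbox.
    if (!isset($_POST['accept'])) {
        show_message("REGISTER", "You must accept the game rules.", 1);
        return;
    }

    if(empty($username)){
        show_message("REGISTER", "Please provide a user name.", 1);
        return;
    }else if(strlen($username) < 3 || strlen($username) > 16){
        show_message("REGISTER", "User name must be between 3 and 16 characters in length.", 1);
        return;
    }else if(ctype_alnum($username) === false){
        show_message("REGISTER", "User name must consist of numbers and letters only.", 1);
        return;
    }else{
        // Parameterised lookup: the username is bound, never interpolated.
        // odbc_prepare() can return false; guard it so odbc_execute() is not
        // handed a non-resource.
        $sql  = "SELECT szUserID FROM TGLOBAL_GSP.dbo.TACCOUNT WHERE szUserID = ?";
        $stmt = odbc_prepare($connection, $sql);
        if($stmt === false || !odbc_execute($stmt, array($username))){
            show_message("REGISTER", "Failed to determine if this username already exists in the database.", 1);
            return;
        }elseif(odbc_fetch_array($stmt)){
            show_message("REGISTER", "User name already exists, please choose a different user name.", 1);
            return;
        }
    }

    if(empty($password)){
        show_message("REGISTER", "Please provide a password.", 1);
        return;
    }else if(strlen($password) > 16){
        // Allows exactly 16 characters, matching the form's maxlength="16".
        show_message("REGISTER", "The password must be less than 16 chars.", 1);
        return;
    }else if($password !== $password2){
        show_message("REGISTER", "Passwords must be the same!", 1);
        return;
    }else if(strpos($password, "--") !== false){
        // Bug fix: the old truthiness test `if (strpos(...))` missed a "--" at
        // position 0. checkItem() already rejects '-', so this is belt-and-braces.
        show_message("REGISTER", "Password containts forbidden characters", 1);
        return;
    }

    if(empty($email)){
        show_message("REGISTER", "Please provide a email.", 1);
        return;
    } else {
        // Reject anything FILTER_SANITIZE_EMAIL would have had to strip, not
        // just addresses that fail validation after sanitising.
        $mailsanitize = filter_var($email, FILTER_SANITIZE_EMAIL);
        if((filter_var($mailsanitize, FILTER_VALIDATE_EMAIL)==false) || ($mailsanitize!=$email)){
            show_message("REGISTER", "Mail is incorrect.", 1);
            return;
        }
    }

    // NOTE(review): unsalted MD5 is not an acceptable password hash, but the
    // stored format is whatever the game server's login compares against
    // (TACCOUNT.szPasswd), so it cannot be changed from this file alone. If
    // the server side can be updated, move both to password_hash()/password_verify().
    $password = md5($password);

    // Allocate the next dwUserID. MAX+1 replaces the previous COUNT(*)+1,
    // which collided with existing ids as soon as a row was deleted and
    // depended on odbc_num_rows(), which returns -1 for SELECT on some
    // drivers. It is still racy between two concurrent registrations; the
    // durable fix is an IDENTITY column on TACCOUNT or a transaction.
    $idStmt = odbc_exec($connection, "SELECT ISNULL(MAX(dwUserID), 0) + 1 FROM TGLOBAL_GSP.dbo.TACCOUNT");
    if ($idStmt === false || !odbc_fetch_row($idStmt)) {
        show_message("REGISTER", "Failed to allocate a user id.", 1);
        return;
    }
    $ml = (int) odbc_result($idStmt, 1);

    // Fail closed: the original ignored the INSERT result and reported
    // success (and inserted a PIN for a non-existent account) on failure.
    $stmt = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TACCOUNT (dwUserID, szUserID,szPasswd,bCheck,szEmail) VALUES (?, ?, ?, 1, ?)");
    if ($stmt === false || !odbc_execute($stmt, [$ml, $username, $password, $email])) {
        show_message("REGISTER", "Failed to create the account.", 1);
        return;
    }

    // 4-digit PIN from the CSPRNG; mt_rand() is seedable/predictable and must
    // not generate secrets. Stored as MD5 to match the existing TPINTABLE
    // format -- note a 4-digit space hashed without salt is trivially
    // enumerable if the table leaks; that is a server-side format decision.
    $pin = '';
    for ($i = 0; $i < 4; $i++) {
        $pin .= random_int(0, 9);
    }
    $donething = md5($pin);

    // Bind the hash instead of interpolating it into the SQL string; it is a
    // hex digest today, but string-built SQL should not be the pattern here.
    $stmt = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TPINTABLE (dwUserID, strPIN) VALUES (?, ?)");
    if ($stmt === false || !odbc_execute($stmt, [$ml, $donething])) {
        show_message("REGISTER", "Failed to store the PIN.", 1);
        return;
    }

    // $username is alphanumeric and $pin is digits, so this is safe to echo.
    show_message("REGISTER", "Account ".$username." was sucessfully created! Your pin is: ".$pin."", 2);
    return;
}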
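/**
 * Print a status message for the register form followed by a BACK link.
 *
 * The message is HTML-escaped before output. Every current caller passes a
 * fixed English string plus, at most, an alphanumeric username and a numeric
 * PIN, so escaping changes nothing today; it keeps a future caller from
 * reflecting request data into the page unescaped.
 *
 * @param string $x   Title/section label; unused (kept for existing call sites).
 * @param string $msg Plain-text message to display.
 * @param int    $y   Message kind; unused. Call sites appear to pass 1 for
 *                    errors and 2 for success -- confirm before relying on it.
 * @return void
 */
function show_message($x, $msg, $y)
{
    echo htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</br><a href="register.php">BACK</a>';
}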
- ?>
- <form name="register" method="post" action="">
- <div align="center">
- <div class="page-title">REGISTER</div>
- <div class="page-content">
- <table cellspacing="0" cellpadding="0" width="450">
- <tr class="tableform-nopadding">
- <td align="left">Username:</td><td align="right"><input type="text" maxlength="16" name="username" placeholder="Username..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">Password:</td><td align="right"><input type="password" maxlength="16" name="password" placeholder="Password..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">Repeat password:</td><td align="right"><input type="password" maxlength="16" name="password2" placeholder="Repeat password..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">E-Mail:</td><td align="right"><input type="text" maxlength="50" name="email" placeholder="E-mail..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td colspan="2" align="center">
- <div id="game_rules_reg">
- <?php
- //$file = file_get_contents('./includes/rules.php');
- //echo $file;
- ?>
- </div>
- </td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">Accept game rules: <a href="rules.php">Rules</a></td>
- <td align="right"><input type="checkbox" id="accept" value="accepted" name="accept" /></td>
- </tr>
- <tr><td><div align="right" class="g-recaptcha" data-sitekey="6Ld0RmQUAAAAACMjt4zsSYuzG8BQHRd6ZhlyYxOL"></div></td></tr>
- <tr class="tr-form">
- <td colspan="2" align="center"><input type="submit" name="reg" value="Make Account" class="big_button"></input></td>
- </tr>
- </table>
- </div>
- </div>
- </form>
- </p>
- </div>
- </div>
- </center>
- </div>
- </div>
- <script src='https://www.google.com/recaptcha/api.js'></script>