API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 9th, 2018
208
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.12 KB | None | 0 0
raw download clone embed print report
  1. <!DOCTYPE html>
  2.  
  3. <html lang="pl">
  4. <head>
  5. <title>Avergos.com </title>
  6. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  7.  
  8. <link rel="stylesheet" type="text/css" href="css/front.css">
  9. <link rel="stylesheet" type="text/css" href="css/style.css">
  10. </head>
  11.  
  12.  
  13. <body>
  14. <div id="page">
  15. <a id="header" href="/"></a>
  16. <div id="bg">
  17. <div class="wood"></div>
  18. <div class="planks"></div>
  19. </div>
  20.  
  21. <div id="content">
  22. <center>
  23. <div id="center">
  24. <div class="content">
  25. <p align="center">
  26.  
  27. </br>
  28.  
  29. <?php
  30.  
  31. function checkItem($str)
  32. {
  33. $str = addslashes($str);
  34. $str = strtolower($str);
  35.  
  36. $ddnstr = array('drop', 'union', 'select', 'exec', 'xp', 'var', 'set', 'update', 'where', 'and', '=', 'truncate', 'table', '*', 'top', 'null', 'delay', 'sleep', 'waitfor', 'from', 'execute', 'account', 'char', 'item', 'cash');
  37.  
  38. foreach ($ddnstr as $singlestr) {
  39. $checkVal = strpos($str, $singlestr);
  40. if ($checkVal != false) {
  41. header('location: index.php');
  42. exit();
  43. } else if (!ctype_alnum($str)) {
  44. header('location: index.php');
  45. exit();
  46. }
  47. }
  48. }
  49.  
  50.  
  51. # DATABASE
  52. $dbHost = '185.223.28.142';
  53. $dbUser = 'sa';
  54. $dbPass = '9dOp281smfn';
  55.  
  56. # CONNECT
  57. $connection = @odbc_connect("Driver={ODBC Driver 17 for SQL Server};Server=$dbHost;", $dbUser, $dbPass) or die(odbc_errormsg());
  58.  
  59. if(isset($_POST['reg']))
  60. {
  61. $username = isset($_POST['username']) ? trim($_POST['username']) : '';
  62. $password = isset($_POST['password']) ? trim($_POST['password']) : '';
  63. $password2 = isset($_POST['password2']) ? trim($_POST['password2']) : '';
  64. $email = isset($_POST['email']) ? trim($_POST['email']) : '';
  65.  
  66. checkItem($username);
  67. checkItem($password);
  68. checkItem($password2);
  69.  
  70. if(empty($username)){
  71. show_message("REGISTER", "Please provide a user name.", 1);
  72. return;
  73. }else if(strlen($username) < 3 || strlen($username) > 16){
  74. show_message("REGISTER", "User name must be between 3 and 16 characters in length.", 1);
  75. return;
  76. }else if(ctype_alnum($username) === false){
  77. show_message("REGISTER", "User name must consist of numbers and letters only.", 1);
  78. return;
  79. }else{
  80. $sql = "SELECT szUserID FROM TGLOBAL_GSP.dbo.TACCOUNT WHERE szUserID = ?";
  81. $stmt = odbc_prepare($connection,$sql);
  82. $args = array($username);
  83. if(!odbc_execute($stmt,$args)){
  84. show_message("REGISTER", "Failed to determine if this username already exists in the database.", 1);
  85. return;
  86. }elseif($row = odbc_fetch_array($stmt)){
  87. show_message("REGISTER", "User name already exists, please choose a different user name.", 1);
  88. return;
  89. }
  90. }
  91.  
  92. if(empty($password)){
  93. show_message("REGISTER", "Please provide a password.", 1);
  94. return;
  95. }else if(strlen($password) > 16){
  96. show_message("REGISTER", "The password must be less than 16 chars.", 1);
  97. return;
  98. }else if($password != $password2){
  99. show_message("REGISTER", "Passwords must be the same!", 1);
  100. return;
  101. }else if(strpos($password, "--")){
  102. show_message("REGISTER", "Password containts forbidden characters", 1);
  103. return;
  104. }
  105.  
  106. if(empty($email)){
  107. show_message("REGISTER", "Please provide a email.", 1);
  108. return;
  109. } else {
  110. $mailsanitize = filter_var($email, FILTER_SANITIZE_EMAIL);
  111. if((filter_var($mailsanitize, FILTER_VALIDATE_EMAIL)==false) || ($mailsanitize!=$email)){
  112. show_message("REGISTER", "Mail is incorrect.", 1);
  113. return;
  114. }
  115. }
  116.  
  117.  
  118. $password = md5($password);
  119. $result = odbc_exec($connection, "SELECT * FROM TGLOBAL_GSP.dbo.TACCOUNT"); // vyčtení záznamů
  120. $row = odbc_num_rows($result); // zjištění počtu řádek
  121. $ml = $row + 1;
  122.  
  123. $sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TACCOUNT (dwUserID, szUserID,szPasswd,bCheck,szEmail) VALUES (?, ?, ?, 1, ?)");
  124. $sql = odbc_execute($sql, [$ml, $username, $password, $email]);
  125.  
  126. $pin = "";
  127. $pin .= mt_rand(0, 9);
  128. $pin .= mt_rand(0, 9);
  129. $pin .= mt_rand(0, 9);
  130. $pin .= mt_rand(0, 9);
  131.  
  132. $donething = md5($pin);
  133.  
  134. $sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TPINTABLE (dwUserID, strPIN) VALUES (?,'$donething')");
  135. $sql = odbc_execute($sql, [$ml]);
  136.  
  137. show_message("REGISTER", "Account ".$username." was sucessfully created! Your pin is: ".$pin."", 2);
  138. return;
  139. }
  140.  
  141. function show_message($x, $msg, $y)
  142. {
  143. echo $msg;
  144. echo '</br><a href="register.php">BACK</a>';
  145. }
  146.  
  147. ?>
  148.  
  149. <form name="register" method="post" action="">
  150. <div align="center">
  151. <div class="page-title">REGISTER</div>
  152. <div class="page-content">
  153. <table cellspacing="0" cellpadding="0" width="450">
  154. <tr class="tableform-nopadding">
  155. <td align="left">Username:</td><td align="right"><input type="text" maxlength="16" name="username" placeholder="Username..."/></td>
  156. </tr>
  157. <tr class="tableform-nopadding">
  158. <td align="left">Password:</td><td align="right"><input type="password" maxlength="16" name="password" placeholder="Password..."/></td>
  159. </tr>
  160. <tr class="tableform-nopadding">
  161. <td align="left">Repeat password:</td><td align="right"><input type="password" maxlength="16" name="password2" placeholder="Repeat password..."/></td>
  162. </tr>
  163. <tr class="tableform-nopadding">
  164. <td align="left">E-Mail:</td><td align="right"><input type="text" maxlength="50" name="email" placeholder="E-mail..."/></td>
  165. </tr>
  166. <tr class="tableform-nopadding">
  167. <td colspan="2" align="center">
  168. <div id="game_rules_reg">
  169. <?php
  170. //$file = file_get_contents('./includes/rules.php');
  171. //echo $file;
  172. ?>
  173. </div>
  174.  
  175. </td>
  176. </tr>
  177. <tr class="tableform-nopadding">
  178. <td align="left">Accept game rules: <a href="rules.php">Rules</a></td>
  179. <td align="right"><input type="checkbox" id="accept" value="accepted" name="accept" /></td>
  180. </tr>
  181. <tr><td><div align="right" class="g-recaptcha" data-sitekey="6Ld0RmQUAAAAACMjt4zsSYuzG8BQHRd6ZhlyYxOL"></div></td></tr>
  182. <tr class="tr-form">
  183. <td colspan="2" align="center"><input type="submit" name="reg" value="Make Account" class="big_button"></input></td>
  184. </tr>
  185. </table>
  186. </div>
  187. </div>
  188. </form>
  189.  
  190.  
  191.  
  192. </p>
  193. </div>
  194. </div>
  195. </center>
  196. </div>
  197.  
  198. </div>
  199.  
  200. <script src='https://www.google.com/recaptcha/api.js'></script>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!