SHARE
TWEET

Untitled

a guest Jan 20th, 2017 53 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. if (isset($_POST['reg'])) {
  3.     function ValidE( $email ){
  4.         return filter_var( $email, FILTER_VALIDATE_EMAIL );
  5.     }
  6.  
  7.  
  8.     function generateSalt() {
  9.         $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  10.         $randomString = '';
  11.         for ($i = 0; $i < 10; $i++) {
  12.             $randomString .= $characters[rand(0, strlen($characters) - 1)];
  13.         }
  14.         return $randomString;
  15.     }
  16. }
  17.  
  18.  
  19.  
  20. class ES_Database
  21. {
  22.     public $conn = NULL;
  23.     private $query = NULL;
  24.     private $sql_resource = NULL;
  25.     public $query_count = 0;
  26.     private $query_parameters = array();
  27.     private $_Config = NULL;
  28.    
  29.     //Construct
  30.     public function ES_Database()
  31.     {
  32.         global $_Config;
  33.         $this->_Config = $_Config;
  34.         //$this->Connect($db);
  35.     }
  36.  
  37.  
  38.     public function Connect($db)
  39.     {
  40.         //Build the connection array
  41.         $conn_array = array( "UID" => $this->_Config['SQL']['User'] , "PWD" => $this->_Config['SQL']['Pass'] , "Database" => $db );
  42.        
  43.         //Connect or die
  44.         $this->conn = sqlsrv_connect( $this->_Config['SQL']['Host'] , $conn_array ) or $this->OnDBError();
  45.        
  46.     }
  47.    
  48.     public function OnDBError()
  49.     {
  50.         if( $this->_Config['SQL_Error_Display'] )
  51.         {
  52.             $k = (array) sqlsrv_errors();
  53.             foreach( $k as $error => $message )
  54.             {
  55.                 echo "[$error] " . $message[2] . "<br>" ;
  56.             }
  57.         }
  58.     }
  59.    
  60.     public function query( $sql , $type = 0 )
  61.     {
  62.         if( $type == 0 )
  63.         {
  64.             $type = array( "Scrollable" => 'forward' );
  65.         }
  66.         elseif( $type == 1 )
  67.         {
  68.             $type = array( "Scrollable" => 'static' );
  69.         }
  70.         elseif( $type == 2 )
  71.         {
  72.             $type = array( "Scrollable" => 'dynamic' );
  73.         }
  74.         elseif( $type == 3 )
  75.         {
  76.             $type = array( "Scrollable" => 'keyset' );
  77.         }  
  78.         elseif( $type == 4 )
  79.         {
  80.             $type = array( "Scrollable" => 'buffered' );
  81.         }              
  82.        
  83.         $this->query = $sql;
  84.        
  85.         $this->sql_resource = sqlsrv_query( $this->conn , $this->query  , array() , $type );
  86.        
  87.         if( ! $this->sql_resource )
  88.         {
  89.             $this->OnDbError();
  90.         }
  91.    
  92.         $this->query_count++;
  93.     }    
  94.    
  95.     public function fetchResult()
  96.     {
  97.         if( $this->sql_resource )
  98.         {
  99.             sqlsrv_fetch( $this->sql_resource );
  100.             $k = sqlsrv_get_field( $this->sql_resource , 0 );
  101.             $this->Free();
  102.             return $k;
  103.         }
  104.         else
  105.         {
  106.             if( $this->_Config['SQL_Error_Display'] )
  107.             {
  108.                 echo "There is nothing to fetch or there was an error with your query. - " , __FUNCTION__ ;
  109.             }
  110.         }
  111.        
  112.         $this->sql_resource = NULL;
  113.     }
  114.    
  115.     public function fetchAssoc()
  116.     {
  117.         if( $this->sql_resource )
  118.         {
  119.             $r = Array();
  120.             $count = 0;
  121.             $stop = false;
  122.             /*$k = sqlsrv_fetch_array( $this->sql_resource );
  123.             $this->Free();
  124.             return $k;*/
  125.            
  126.             while (!$stop)
  127.             {
  128.                 $row = sqlsrv_fetch_array($this->sql_resource);
  129.                 if ($row === false) die("Account has been registered.");
  130.                 $stop = !$row;
  131.                 if (!$stop) $r[$count] = $row;
  132.                 $count++;
  133.             }
  134.             return $r;
  135.         }
  136.         else
  137.         {
  138.             if( $this->_Config['SQL_Error_Display'] )
  139.             {
  140.                 echo "There is nothing to fetch or there was an error with your query. - " , __FUNCTION__ ;
  141.             }
  142.         }
  143.        
  144.         $this->sql_resource = NULL;
  145.     }
  146.  
  147.  
  148.     public function fetchObject($silent = false)
  149.     {
  150.         if( $this->sql_resource )
  151.         {
  152.             $k = sqlsrv_fetch_object( $this->sql_resource );
  153.             $this->Free();
  154.             return $k;
  155.         }
  156.         else
  157.         {
  158.             if( $this->_Config['SQL_Error_Display'] )
  159.             {
  160.                 if (!$silent)
  161.                     echo "There is nothing to fetch or an error with your query. - " , __FUNCTION__;
  162.             }
  163.         }
  164.        
  165.         $this->sql_resource = NULL;        
  166.     }
  167.    
  168.     public function prepare( $sql , array $parameters )
  169.     {
  170.         $this->query = $sql;
  171.        
  172.         $this->query_parameters = $parameters;
  173.        
  174.         $arr = array();
  175.        
  176.         foreach( $this->query_parameters as $key => $value )
  177.         {
  178.            
  179.             $arr[$key] = &$this->query_parameters[$key];
  180.         }
  181.  
  182.  
  183.         $this->sql_resource = sqlsrv_prepare( $this->conn , $this->query , $arr );
  184.        
  185.         $this->query_count++;
  186.        
  187.         if( ! $this->sql_resource )
  188.         {
  189.             if( $this->_Config['SQL_Error_Display'] )
  190.             {
  191.                 echo "Prepared statement failed, check your query.";
  192.             }
  193.         }
  194.     }    
  195.  
  196.  
  197.     public function execute()
  198.     {
  199.         if( $this->sql_resource )
  200.         {
  201.             return sqlsrv_execute( $this->sql_resource );
  202.         }
  203.         else
  204.         {
  205.             if( $this->_Config['SQL_Error_Display'] )
  206.             {
  207.                 echo "There is nothing to execute or an error with your prepared statement.";
  208.             }
  209.         }
  210.     }
  211.    
  212.     public function prepareAndFetch( $sql , array $parameters , $type = 0 )
  213.     {
  214.         $this->prepare( $sql , $parameters );
  215.        
  216.         $this->execute();
  217.        
  218.         if( $type == 0 )
  219.         {
  220.             return $this->fetchAssoc();
  221.         }
  222.         elseif( $type == 1 )
  223.         {
  224.             return $this->fetchResult();
  225.         }
  226.         elseif( $type == 2 )
  227.         {
  228.             return $this->fetchObject();
  229.         }
  230.     }
  231.    
  232.     public function prepareAndExecute( $sql , array $parameters , $type = 0 )
  233.     {
  234.         $this->prepare( $sql , $parameters );
  235.        
  236.         $this->execute();
  237.     }    
  238.    
  239.     public function queryAndFetch( $sql , $type = 0 , $pquery = false , $parameters = NULL )
  240.     {
  241.         if( $pquery == false )
  242.         {
  243.             $this->query( $sql );
  244.         }
  245.         else
  246.         {
  247.             $this->pquery( $sql , $parameters );
  248.         }
  249.        
  250.         if( $type == 0 )
  251.         {
  252.             return $this->fetchAssoc();
  253.         }
  254.         elseif( $type == 1 )
  255.         {
  256.             return $this->fetchResult();
  257.         }
  258.         elseif( $type == 2 )
  259.         {
  260.             return $this->fetchObject();
  261.         }
  262.     }
  263.    
  264.     public function NumRows()
  265.     {
  266.         if( $this->sql_resource )
  267.         {
  268.             return sqlsrv_num_rows( $this->sql_resource );
  269.         }
  270.         else
  271.         {
  272.             if( $this->_Config['SQL_Error_Display'] )
  273.             {
  274.                 echo "There is no query set or an error with your query. - " , __FUNCTION__;
  275.             }
  276.         }
  277.     }
  278.    
  279.     public function pquery( $sql , array $parameters , $type = 0 )
  280.     {
  281.         if( $type == 1 )
  282.         {
  283.             $type = array( "Scrollable" => 'forward' );
  284.         }
  285.         elseif( $type == 2 )
  286.         {
  287.             $type = array( "Scrollable" => 'static' );
  288.         }
  289.         elseif( $type == 3 )
  290.         {
  291.             $type = array( "Scrollable" => 'dynamic' );
  292.         }
  293.         elseif( $type == 4 )
  294.         {
  295.             $type = array( "Scrollable" => 'keyset' );
  296.         }  
  297.         elseif( $type == 5 )
  298.         {
  299.             $type = array( "Scrollable" => 'buffered' );
  300.         }
  301.         else
  302.         {
  303.             unset( $type );
  304.         }
  305.        
  306.         $this->query = $sql;
  307.        
  308.         if( isset( $type ) )
  309.         {
  310.             $this->sql_resource = sqlsrv_query( $this->conn , $this->query , $parameters , $type );
  311.         }
  312.         else
  313.         {
  314.             $this->sql_resource = sqlsrv_query( $this->conn , $this->query , $parameters );
  315.         }
  316.        
  317.         if( ! $this->sql_resource )
  318.         {
  319.             if( $this->_Config['SQL_Error_Display'] )
  320.             {
  321.                 echo "Query Failed";
  322.             }
  323.         }
  324.        
  325.         $this->query_count++;
  326.     }
  327.    
  328.     public function HasRows()
  329.     {
  330.         if( $this->sql_resource )
  331.         {
  332.             return sqlsrv_has_rows( $this->sql_resource );
  333.         }
  334.         else
  335.         {
  336.             if( $this->_Config['SQL_Error_Display'] )
  337.             {
  338.                 echo "There is no query set or an error with your query. - " , __FUNCTION__;
  339.             }
  340.         }      
  341.     }
  342.    
  343.     public function RowsAffected()
  344.     {
  345.         if( $this->sql_resource )
  346.         {
  347.             return sqlsrv_rows_affected( $this->sql_resource );
  348.         }
  349.         else
  350.         {
  351.             if( $this->_Config['SQL_Error_Display'] )
  352.             {
  353.                 echo "There is no query set or an error with your query.";
  354.             }
  355.         }      
  356.     }
  357.    
  358.  
  359.     public function Free()
  360.     {
  361.         $this->query = NULL;
  362.        
  363.         $this->query_parameters = array();
  364.        
  365.         if( $this->sql_resource )
  366.         {
  367.            sqlsrv_free_stmt( $this->sql_resource );
  368.         }
  369.     }
  370.    
  371.     public function Disconnect()
  372.     {
  373.         ( $this->conn == NULL ) ? NULL : sqlsrv_close( $this->conn );
  374.     }
  375.    
  376.     public function Escape( $str )
  377.     {
  378.         $str = str_replace( "'", "''", $str );
  379.         return trim( $str );
  380.     }
  381. }
  382.    
  383.     function error($s)
  384.     {
  385.         echo $s;
  386.         exit;
  387.     }
  388.  
  389.  
  390.  
  391.  
  392.     if (!isset($_POST['user']) || !isset($_POST['pass']) || !isset($_POST['email']))
  393.     {
  394.        
  395.     }
  396.     $sUser = $_POST['user'];
  397.     $sPass = $_POST['pass'];
  398.     $sEmail = $_POST['email'];
  399.  
  400.  
  401.     if (!ctype_alnum($sUser))
  402.     {
  403.         error("Invalid Username. Alpha-Numeric characters only.");
  404.     }
  405.     if (!ctype_alnum($sPass))
  406.     {
  407.         error("Invalid Password. Alpha-Numeric characters only.");
  408.     }
  409.     if (!ValidE($sEmail))
  410.     {
  411.         error("Invalid Username. Alpha-Numeric characters only.");
  412.     }
  413.     if (strlen($sUser) <= 3)
  414.     {
  415.         error("Invalid Username. Must be atleast 4 characters.");
  416.     }
  417.     if (strlen($sPass) <= 3)
  418.     {
  419.         error("Invalid Password. Must be atleast 4 characters.");
  420.     }
  421.    
  422.     $DB = new ES_Database();
  423.     $DB->connect($_Config['SQL']['Database']);
  424.     $TopUserArray = $DB->queryAndFetch("SELECT TOP 1 * FROM tAccounts ORDER BY nEMID DESC", 0, true, array());
  425.     $UserExistArray = $DB->queryAndFetch("SELECT * FROM tAccounts WHERE sUsername = ?", 0, true, array($sUser));
  426.    
  427.     if (count($TopUserArray) == 0)
  428.     {
  429.         $nID = 1;
  430.     }
  431.     else
  432.     {
  433.         $nID = $TopUserArray[0]['nEMID'];
  434.     }
  435.    
  436.     if(count($UserExistArray) > 0)
  437.     {
  438.         error("Username already taken, please try again.");
  439.         die();
  440.     }
  441.    
  442.     $nID = intval($nID) + 1;
  443.    
  444.     $sSalt = generateSalt();
  445.    
  446.     $sSafePass = MD5(MD5($sPass) . $sSalt);
  447.    
  448.     $sIP = $_SERVER['REMOTE_ADDR'];
  449.    
  450.     $params = array( $nID , $sUser , $sPass , $sSalt , $sEmail, $sIP );
  451.     $sql = "INSERT INTO tAccounts([nEMID],[sUsername],[sUserPass],[sUserPassSalt],[sEmail],[nAuthID],[sIP],[dDate],[sRID]) VALUES ( ? , ? , ? , ? , ? , 1 , ? , CURRENT_TIMESTAMP, '-' );";
  452.    
  453.     $DB->queryAndFetch($sql, 0, true, $params);
  454.    
  455.     die("Your account has been created!");
  456.     exit;
  457. }
  458. ?>
  459. <html xmlns="http://www.w3.org/1999/xhtml">
  460. <head>
  461. <title>Arcana Online - Account Creation</title>
  462. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  463. <style type="text/css">
  464. *{margin:0;padding:0;}body{padding-top:00px;font:11px "Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;}form{margin-left:8px;border:1px #000000;padding:16px 16px 40px 16px;font-weight:normal;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:5px;background:#fff;border:1px solid #e5e5e5;-moz-box-shadow:rgba(200,200,200,1) 0 4px 18px;-webkit-box-shadow:rgba(200,200,200,1) 0 4px 18px;-khtml-box-shadow:rgba(200,200,200,1) 0 4px 18px;box-shadow:rgba(200,200,200,1) 0 4px 18px;}form .forgetmenot{font-weight:normal;float:left;margin-bottom:0;}.button-primary{font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;padding:3px 10px;border:none;font-size:12px;border-width:1px;border-style:solid;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:11px;cursor:pointer;text-decoration:none;margin-top:-3px;}#login form p{margin-bottom:0;}label{color:#777;font-size:13px;}form .forgetmenot label{font-size:11px;line-height:19px;}form .submit,.alignright{float:right;}form p{margin-bottom:24px;}h1 #nav{text-shadow:rgba(255,255,255,1) 0 1px 0;}#backtoblog{position:absolute;top:0;left:0;border-bottom:#c6c6c6 1px solid;background:#d9d9d9;background:-moz-linear-gradient(bottom,#d7d7d7,#e4e4e4);background:-webkit-gradient(linear,left bottom,left top,from(#d7d7d7),to(#e4e4e4));height:30px;width:100%;}#backtoblog a{text-decoration:none;display:block;padding:8px 0 0 15px;}#login{width:320px;margin:0em auto;}#login_error,.message{margin:0 0 16px 8px;border-width:1px;border-style:solid;padding:0px;-moz-border-radius:3px;-khtml-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;}#nav{margin:0 0 0 8px;padding:16px;}#user_pass,#user_login,#user_email{font-size:12px;width:97%;padding:3px;margin-top:2px;margin-right:6px;margin-bottom:16px;border:1px solid #e5e5e5;background:#fbfbfb;}input{color:#555;}.clear{clear:both;}
  465. </style>
  466. <body background="">
  467. <center>
  468. <table border="0" width="50%" style="background:transparent;">
  469. <tr>
  470. <td>
  471. <center>
  472. <Br>
  473. <div id="login">
  474. <form name="loginform" id="loginform" action="#" method="post">
  475.  
  476.  
  477.     <div id="registerform">
  478.     <b><font color="black">Account Creation</b></font><br><br>
  479.     <p></p>
  480.     <p>
  481.         <label>Username: &nbsp;
  482.         <input type="text" name="user" id="user" class="input" value=""  /></label><br><br><br>
  483.     </p>
  484.     <p>
  485.         <label>Password: &nbsp;
  486.         <input type="password" name="pass" id="pass" class="input" value=""  /></label><br><br>
  487.     </p>
  488.     <p>
  489.         <label>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Email: &nbsp;
  490.         <input type="text" name="email" id="email" class="input" value=""  /></label>
  491.     </p>
  492.     <p><br><br></p>
  493.     <p class="submit">
  494.         <input type="button" id="GoBtn" class="button-primary" onClick="doSignup()" value="Create Account" tabindex="100" />
  495.     </p>
  496.  
  497.  
  498. </div></form><br><br><script language = "javascript">
  499. function doSignup()
  500. {
  501. user = document.getElementById("user").value;
  502. pass = document.getElementById("pass").value;
  503. email = document.getElementById("email").value;
  504.  
  505.  
  506. xUrl = "?r=" + Math.floor(Math.random()*132165321);
  507. document.getElementById("registerform").innerHTML = "<br><br><center><img src='https://secure.extrinsicstudio.com/res/img/loader.gif'><br><br>";
  508. if (window.XMLHttpRequest)
  509.   {
  510.   xmlhttp=new XMLHttpRequest();
  511.   }
  512. else
  513.   {
  514.   xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  515.   }
  516.  
  517.  
  518. xmlhttp.onreadystatechange=function()
  519.   {
  520.   if (xmlhttp.readyState==4 && xmlhttp.status==200)
  521.     {
  522.     setTimeout("ShowResponse(xmlhttp.responseText)",2000);
  523.     }
  524.   }
  525.   xmlhttp.open("POST", xUrl, true);
  526.   xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
  527. xmlhttp.send("reg=1&user=" + user + "&pass=" + pass + "&email=" + email);
  528. if (navigator.userAgent.indexOf("Firefox") != -1)
  529. {
  530. setTimeout("ShowResponse(xmlhttp.responseText)",2000);
  531. }
  532. }
  533.  
  534.  
  535. function ResetForm(u)
  536. {
  537.     window.location = window.location;
  538. }
  539. function ShowResponse(ResponseText)
  540. {
  541.     alert(ResponseText);
  542.     window.location = window.location;
  543. }
  544.  
  545.  
  546. </script>
  547.         </div>
  548.             </body>
  549. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top