Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- error_reporting(E_ALL);
- ini_set('display_errors', 'On');
- global $GMSG;
- function show_message($x, $msg, $y)
- {
- global $GMSG;
- $GMSG = $msg;
- }
- if(isset($_POST["form1_submit"]) && isset($_SESSION["sended"]) == $_POST['form1_token'])
- {
- show_message("REGISTER", "Ups! Coś poszło nie tak!", 1);
- }elseif(isset($_POST["form1_submit"]) && isset($_SESSION["sended"]) != $_POST['form1_token'])
- {
- if(isset($_SESSION["sended"]))
- $_SESSION["sended"] = $_POST["form1_token"];
- function checkItem($str)
- {
- $str = addslashes($str);
- $str = strtolower($str);
- $ddnstr = array('drop', 'insert', 'delete', 'union', 'select', 'exec', 'xp', 'var', 'set', 'update', 'where', 'and', '=', 'truncate', 'table', '*', 'top', 'null', 'delay', 'sleep', 'waitfor', 'from', 'execute', 'account', 'char', 'item', 'cash');
- foreach ($ddnstr as $singlestr) {
- $checkVal = strpos($str, $singlestr);
- if ($checkVal != false) {
- //header('location: index.php');
- //exit();
- } else if (!ctype_alnum($str)) {
- //header('location: index.php');
- //exit();
- }
- }
- }
- $userName = isset($_POST['form1_username']) ? trim($_POST['form1_username']) : '';
- $userEmail = isset($_POST['form1_email']) ? trim($_POST['form1_email']) : '';
- $userPassword = isset($_POST['form1_password']) ? trim($_POST['form1_password']) : '';
- $userPassword2 = isset($_POST['form1_password2']) ? trim($_POST['form1_password2']) : '';
- checkItem($userName);
- checkItem($userPassword);
- checkItem($userPassword2);
- $userName = htmlspecialchars($userName);
- $userEmail = htmlspecialchars($userEmail);
- $userPassword = htmlspecialchars($userPassword);
- $userPassword2 = htmlspecialchars($userPassword2);
- $userName = addslashes($userName);
- $userEmail = addslashes($userEmail);
- $userPassword = addslashes($userPassword);
- $userPassword2 = addslashes($userPassword2);
- if(empty($userName)){
- show_message("REGISTER", "Please provide a user name.", 1);
- }else if(strlen($userName) < 3 || strlen($userName) > 16){
- show_message("REGISTER", "User name must be between 3 and 16 characters in length.", 1);
- }else if(ctype_alnum($userName) === false){
- show_message("REGISTER", "User name must consist of numbers and letters only.", 1);
- }else{
- //$userName = addcslashes($userName);
- // userName success
- if(empty($userPassword)){
- show_message("REGISTER", "Please provide a password.", 1);
- }else if(strlen($userPassword) < 5 || strlen($userPassword) > 16){
- show_message("REGISTER", "Passwords must be between 5 and 16 characters in length.", 1);
- }else if($userPassword != $userPassword2){
- show_message("REGISTER", "Passwords must be the same!", 1);
- }else if(strpos($userPassword, "--")){
- show_message("REGISTER", "Password containts forbidden characters", 1);
- }else{
- //Password success
- if(empty($userEmail)) {
- show_message("REGISTER", "Please provide a email.", 1);
- }elseif(!filter_var($userEmail, FILTER_VALIDATE_EMAIL)) {
- show_message("REGISTER", "Please provide a email.", 1);
- }else if(strlen($userEmail) < 3 || strlen($userEmail) > 50) {
- show_message("REGISTER", "Email must be between 3 and 50 characters in length.", 1);
- }else{
- // Email OK
- if(!isset($_POST['form1_rules'])) {
- show_message("REGISTER", "Accept Rules", 1);
- }else{
- $connection = @odbc_connect("Driver={ODBC Driver 17 for SQL Server};Server=$dbHost;", $dbUser, $dbPass) or die(odbc_errormsg());
- $sql = "SELECT * FROM TGLOBAL_GSP.dbo.ACCOUNTWEB";
- $result = odbc_exec($connection, $sql);
- $lastID = 0;
- while ($rows = odbc_fetch_object($result)) {
- $lastID = $rows->ACCOUNTID+1;
- }
- $data = date("Y-m-d H:i:s");
- $userPassword = md5($userPassword);
- $sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TACCOUNT (dwUserID, szUserID, szPasswd, bCheck, szEmail, dFirstLogin) VALUES (?, ?, ?, 1, ?, ?)");
- $sql = odbc_execute($sql, [$lastID, $userName, $userPassword, $userEmail, $data]);
- if($sql)
- {
- $sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.ACCOUNTWEB (ACCOUNTID) VALUES (?)");
- $sql = odbc_execute($sql, [$lastID]);
- if($sql)
- {
- $pin = "";
- $pin .= mt_rand(0, 9);
- $pin .= mt_rand(0, 9);
- $pin .= mt_rand(0, 9);
- $pin .= mt_rand(0, 9);
- $donething = md5($pin);
- $sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TPINTABLE (dwUserID, strPIN) VALUES (?, ?)");
- $sql = odbc_execute($sql, [$lastID, $donething]);
- if($sql)
- {
- show_message("REGISTER", "Account ".$userName." was sucessfully created! Your pin is: ".$pin."", 2);
- }else{
- }
- }
- }else
- echo "Coś poszło nie tak";
- odbc_close($connection);
- }
- }
- }
- }
- }
- ?>
- <!DOCTYPE html>
- <html lang="pl">
- <head>
- <title>Avergos.com </title>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <link rel="stylesheet" type="text/css" href="css/front.css">
- <link rel="stylesheet" type="text/css" href="css/style.css">
- <script src='https://www.google.com/recaptcha/api.js'></script>
- </head>
- <body>
- <div id="page">
- <a id="header" href="/"></a>
- <div id="bg">
- <div class="wood"></div>
- <div class="planks"></div>
- </div>
- <div id="content">
- <center>
- <div id="center">
- <div class="content">
- <p align="center"><br>
- <?php
- if(!empty($GMSG))
- {
- echo $GMSG;
- echo '</br><a href="register.php">BACK</a>';
- }else{
- ?>
- <form method="POST">
- <input type='hidden' name='form1_token' value='<?php echo md5(time()); ?>' />
- <div align="center">
- <div class="page-title">REGISTER</div>
- <div class="page-content">
- <table cellspacing="0" cellpadding="0" width="450">
- <tr class="tableform-nopadding">
- <td align="left">Username:</td><td align="right"><input type="text" maxlength="16" name="form1_username" placeholder="Username..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">Password:</td><td align="right"><input type="password" maxlength="16" name="form1_password" placeholder="Password..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">Repeat password:</td><td align="right"><input type="password" maxlength="16" name="form1_password2" placeholder="Repeat password..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">E-Mail:</td><td align="right"><input type="text" maxlength="50" name="form1_email" placeholder="E-mail..."/></td>
- </tr>
- <tr class="tableform-nopadding">
- <td colspan="2" align="center">
- <div id="game_rules_reg">
- <?php
- //$file = file_get_contents('./includes/rules.php');
- //echo $file;
- ?>
- </div>
- </td>
- </tr>
- <tr class="tableform-nopadding">
- <td align="left">Accept game rules: <a href="rules.php">Rules</a></td>
- <td align="right"><input type="checkbox" id="accept" value="accepted" name="form1_rules" /></td>
- </tr>
- <tr><td><div align="right" class="g-recaptcha" data-sitekey="6Ld0RmQUAAAAACMjt4zsSYuzG8BQHRd6ZhlyYxOL"></div></td></tr>
- <tr class="tr-form">
- <td colspan="2" align="center"><input type="submit" name="form1_submit" value="Make Account" class="big_button"></input></td>
- </tr>
- </table>
- </div>
- </div>
- </form>
- <?php
- }
- ?>
- </p>
- </div>
- </div>
- </center>
- </div>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement