Untitled

<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 'On');

global $GMSG;


function show_message($x, $msg, $y)
{
	global $GMSG;
	$GMSG = $msg;
}
if(isset($_POST["form1_submit"]) && isset($_SESSION["sended"]) == $_POST['form1_token'])
{
	show_message("REGISTER", "Ups! CoĹ› poszĹ‚o nie tak!", 1);
}elseif(isset($_POST["form1_submit"]) && isset($_SESSION["sended"]) != $_POST['form1_token'])
{
	if(isset($_SESSION["sended"]))
		$_SESSION["sended"] = $_POST["form1_token"];
	function checkItem($str)
	{
		$str = addslashes($str);
		$str = strtolower($str);

		$ddnstr = array('drop', 'insert', 'delete', 'union', 'select', 'exec', 'xp', 'var', 'set', 'update', 'where', 'and', '=', 'truncate', 'table', '*', 'top', 'null', 'delay', 'sleep', 'waitfor', 'from', 'execute', 'account', 'char', 'item', 'cash');

		foreach ($ddnstr as $singlestr) {
			$checkVal = strpos($str, $singlestr);
			if ($checkVal != false) {
				//header('location: index.php');
				//exit();
			} else if (!ctype_alnum($str)) {
				//header('location: index.php');
				//exit();
			}
		}
	}
	$userName = isset($_POST['form1_username']) ? trim($_POST['form1_username']) : '';
	$userEmail = isset($_POST['form1_email']) ? trim($_POST['form1_email']) : '';
	$userPassword = isset($_POST['form1_password']) ? trim($_POST['form1_password']) : '';
	$userPassword2 = isset($_POST['form1_password2']) ? trim($_POST['form1_password2']) : '';

	checkItem($userName);
	checkItem($userPassword);
	checkItem($userPassword2);

	$userName = htmlspecialchars($userName);
	$userEmail = htmlspecialchars($userEmail);
	$userPassword = htmlspecialchars($userPassword);
	$userPassword2 = htmlspecialchars($userPassword2);

	$userName = addslashes($userName);
	$userEmail = addslashes($userEmail);
	$userPassword = addslashes($userPassword);
	$userPassword2 = addslashes($userPassword2);

	if(empty($userName)){
		show_message("REGISTER", "Please provide a user name.", 1);
	}else if(strlen($userName) < 3 || strlen($userName) > 16){
		show_message("REGISTER", "User name must be between 3 and 16 characters in length.", 1);
	}else if(ctype_alnum($userName) === false){
		show_message("REGISTER", "User name must consist of numbers and letters only.", 1);
	}else{
		//$userName = addcslashes($userName);
			// userName success


		if(empty($userPassword)){
			show_message("REGISTER", "Please provide a password.", 1);
		}else if(strlen($userPassword) < 5 || strlen($userPassword) > 16){
			show_message("REGISTER", "Passwords must be between 5 and 16 characters in length.", 1);
		}else if($userPassword != $userPassword2){
			show_message("REGISTER", "Passwords must be the same!", 1);
		}else if(strpos($userPassword, "--")){
			show_message("REGISTER", "Password containts forbidden characters", 1);
		}else{
			//Password success

			if(empty($userEmail)) {
				show_message("REGISTER", "Please provide a email.", 1);
			}elseif(!filter_var($userEmail, FILTER_VALIDATE_EMAIL)) {
				show_message("REGISTER", "Please provide a email.", 1);
			}else if(strlen($userEmail) < 3 || strlen($userEmail) > 50) {
				show_message("REGISTER", "Email must be between 3 and 50 characters in length.", 1);
			}else{
				// Email OK
				if(!isset($_POST['form1_rules'])) {
					show_message("REGISTER", "Accept Rules", 1);
				}else{


					$connection = @odbc_connect("Driver={ODBC Driver 17 for SQL Server};Server=$dbHost;", $dbUser, $dbPass) or die(odbc_errormsg());

						$sql = "SELECT * FROM TGLOBAL_GSP.dbo.ACCOUNTWEB";
						$result = odbc_exec($connection, $sql);
						$lastID = 0;
						while ($rows = odbc_fetch_object($result)) {
							$lastID = $rows->ACCOUNTID+1;
						}
						$data = date("Y-m-d H:i:s");
						$userPassword = md5($userPassword);
						$sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TACCOUNT (dwUserID, szUserID, szPasswd, bCheck, szEmail, dFirstLogin) VALUES (?, ?, ?, 1, ?, ?)");
						$sql = odbc_execute($sql, [$lastID, $userName, $userPassword, $userEmail, $data]);
						if($sql)
						{
							$sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.ACCOUNTWEB (ACCOUNTID) VALUES (?)");
							$sql = odbc_execute($sql, [$lastID]);
							if($sql)
							{
								$pin = "";
								$pin .= mt_rand(0, 9);
								$pin .= mt_rand(0, 9);
								$pin .= mt_rand(0, 9);
								$pin .= mt_rand(0, 9);
								$donething = md5($pin);
								$sql = odbc_prepare($connection, "INSERT INTO TGLOBAL_GSP.dbo.TPINTABLE (dwUserID, strPIN) VALUES (?, ?)");
								$sql = odbc_execute($sql, [$lastID, $donething]);
								if($sql)
								{
									show_message("REGISTER", "Account ".$userName." was sucessfully created! Your pin is: ".$pin."", 2);
								}else{

								}
							}
						}else
							echo "CoĹ› poszĹ‚o nie tak";

					odbc_close($connection);
				}
			}
		}
	}
}
?>
<!DOCTYPE html>
<html lang="pl">
<head>
    <title>Avergos.com </title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <link rel="stylesheet" type="text/css" href="css/front.css">
    <link rel="stylesheet" type="text/css" href="css/style.css">
	<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
	<div id="page">
		<a id="header" href="/"></a>
        <div id="bg">
            <div class="wood"></div>
            <div class="planks"></div>
        </div>

        <div id="content">
			<center>
				<div id="center">
					<div class="content">
						<p align="center"><br>
						<?php
						if(!empty($GMSG))
						{
							echo $GMSG;
							echo '</br><a href="register.php">BACK</a>';
						}else{
						?>
							<form method="POST">
								<input type='hidden' name='form1_token' value='<?php  echo md5(time()); ?>' />
								<div align="center">
									<div class="page-title">REGISTER</div>
										<div class="page-content">
											<table cellspacing="0" cellpadding="0" width="450">
												<tr class="tableform-nopadding">
													<td align="left">Username:</td><td align="right"><input type="text" maxlength="16" name="form1_username" placeholder="Username..."/></td>
												</tr>
												<tr class="tableform-nopadding">
													<td align="left">Password:</td><td align="right"><input type="password" maxlength="16" name="form1_password" placeholder="Password..."/></td>
												</tr>
												<tr class="tableform-nopadding">
													<td align="left">Repeat password:</td><td align="right"><input type="password" maxlength="16" name="form1_password2" placeholder="Repeat password..."/></td>
												</tr>
												<tr class="tableform-nopadding">
													<td align="left">E-Mail:</td><td align="right"><input type="text" maxlength="50" name="form1_email" placeholder="E-mail..."/></td>
												</tr>
												<tr class="tableform-nopadding">
													<td colspan="2" align="center">
														<div id="game_rules_reg">
															<?php
																//$file = file_get_contents('./includes/rules.php');
																//echo $file;
															?>
														</div>

													</td>
												</tr>
								<tr class="tableform-nopadding">
									<td align="left">Accept game rules: <a href="rules.php">Rules</a></td>
									<td align="right"><input type="checkbox" id="accept" value="accepted" name="form1_rules" /></td>
								</tr>
								<tr><td><div align="right" class="g-recaptcha" data-sitekey="6Ld0RmQUAAAAACMjt4zsSYuzG8BQHRd6ZhlyYxOL"></div></td></tr>
											<tr class="tr-form">
												<td colspan="2" align="center"><input type="submit" name="form1_submit" value="Make Account" class="big_button"></input></td>
											</tr>
										</table>
									</div>
								</div>
							</form>
						   <?php
							}
						   ?>


						</p>
					</div>
				</div>
			</center>
        </div>
	</div>
</body>
</html>