Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ini_set("log_errors", 1);
- ini_set("error_log", "errorlog.txt");
- error_reporting(E_ALL);
- //Kevin:
- //Patched XSS exploit
- //Safe from SQL injections
- //Secures variables, escapes the parameters
- //cleaned up - 05/14/2017
- //Zaseth:
- //Simple Shell Keyword Detection which I obfuscated
- //Regex on all forms
- //Set maxlength on all forms
- //Hidden PHP errors
- //Fixed echo file inclusion
- //Footer is now inside Register page
- require_once('recaptchalib.php');
- $pageTitle = 'CPG - Register';
- include('/var/www/html/register/includes/config.php');
- function sendError($errorType, $message)
- {
- switch($errorType)
- {
- case "success":
- $error = "<div class=\"alert alert-success\">{$message}</div>";
- break;
- case "error":
- $error = "<div class=\"alert alert-danger\">{$message}</div>";
- break;
- }
- return $error;
- }
- if(isset($_POST) && !empty($_POST))
- {
- if(isset($_POST["username"],$_POST["email"], $_POST["password"], $_POST["repassword"], $_POST["penguinColor"], $_POST["g-recaptcha-response"]) && !empty($_POST["username"]) && !empty($_POST["email"]) && !empty($_POST["password"]) && !empty($_POST["repassword"]) && !empty($_POST["penguinColor"]) && !empty($_POST["g-recaptcha-response"]))
- {
- $strUsername = $_POST["username"];
- $strEmail = $_POST["email"];
- $strPassword = $_POST["password"];
- $strRePassword = $_POST["repassword"];
- $intNow = time();
- $intColor = $_POST["penguinColor"];
- $strCaptcha = $_POST["g-recaptcha-response"];
- $strSecretKey = "6Le0pyIUAAAAALXQlgE5ile89NAwSTYO6SMQgUkT";
- $intIP = $_SERVER['REMOTE_ADDR'];
- $strResponse = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$strSecretKey."&response=".$strCaptcha."&remoteip=".$intIP);
- $strResponseKeys = json_decode($strResponse, true);
- $checkUser = $database->prepare("SELECT Nickname from penguins WHERE Nickname = :username");
- $checkUser->bindValue(':username', $strUsername);
- $checkUser->execute();
- $userTaken = $checkUser->rowCount() > 0;
- $checkUser->closeCursor();
- $checkEmail = $database->prepare("SELECT Email from penguins WHERE Email = :email");
- $checkEmail->bindValue(':email', $strEmail);
- $checkEmail->execute();
- $emailTaken = $checkEmail->rowCount() > 0;
- $checkEmail->closeCursor();
- if($userTaken)
- {
- $error = sendError('error', 'Woops username already in use');
- }
- elseif($emailTaken)
- {
- $error = sendError('error', 'Woops email already in use');
- }
- //this is part of the patch
- elseif(strlen($strUsername) == 0)
- {
- $error = sendError('error', 'You need to name your penguin');
- }
- //this is part of the patch too
- elseif(strlen($strUsername) < 4 || strlen($strUsername) > 21)
- {
- $error = sendError('error', 'Your penguin name is either too short or too long');
- }
- //this is part of the patch too
- elseif(preg_match_all("/[0-9]/", $strUsername) > 21)
- {
- $error = sendError('error', 'Your penguin name can only contain 21 numbers');
- }
- //this is part of the patch too
- elseif(!preg_match("/[A-z]/i", $strUsername))
- {
- $error = sendError('error', 'Penguin names must contain at least 1 letter.');
- }
- //this is part of the patch too
- elseif(preg_match('/[^a-z0-9\s]/i', $strUsername))
- {
- $error = sendError('error', 'That username is not allowed.');
- }
- //this is part of the patch too
- if(!filter_var($strEmail, FILTER_VALIDATE_EMAIL))
- {
- $error = sendError('error', 'Your email isn\'t valid');
- }
- elseif($strPassword != $strRePassword)
- {
- $error = sendError('error', "Passwords do not match !");
- }
- elseif(!$strCaptcha)
- {
- $error = sendError('error', 'Please fill out the captcha');
- die();
- }
- elseif(intval($strResponseKeys["success"]) !== 1) {
- $error = sendError('error', 'Hello Spammer.');
- }
- else
- {
- $myfile = fopen("/var/www/html/register/penguinid.txt", "r") or die("Error!");
- $penguinId = fgets($myfile) + 1;
- fclose($myfile);
- $insertUser = $database->prepare("INSERT INTO penguins (Username, Nickname, Email, RegistrationDate, Password, Color) VALUES (:username, :nickname, :email, :registered_time, :password, :color)");
- $insertUser->bindValue(":username", "P" . $penguinId . "");
- $insertUser->bindValue(":nickname", $strUsername);
- $insertUser->bindValue(":email", $strEmail);
- $insertUser->bindValue(":registered_time", $intNow);
- $insertUser->bindValue(":password", strtoupper(md5($strPassword)));
- $insertUser->bindValue(":color", $intColor);
- $insertUser->execute();
- $insertUser->closeCursor();
- $penguinId = $database->lastInsertId();
- $myfile = fopen("/var/www/html/register/penguinid.txt", "w") or die("Error!");
- fwrite($myfile, $penguinId);
- fclose($myfile);
- #echo 'You have successfully registered!';
- $error = sendError('success', 'You have successfully registered!');
- }
- }
- else
- {
- $error = sendError('error', "Please complete all the fields.");
- }
- }
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- <title><?php echo $siteName; ?> - <?php echo $pageTitle; ?></title>
- <link rel="stylesheet" href="https://bootswatch.com/paper/bootstrap.min.css">
- <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
- <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
- <script src="https://www.google.com/recaptcha/api.js"></script>
- </head>
- <body>
- <nav class="navbar navbar-inverse">
- <div class="container">
- <div class="navbar-header">
- <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
- <span class="sr-only">Toggle navigation</span>
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- </button>
- <a class="navbar-brand" href="/" style="padding-top:13.5px;"><img style="height:85px;margin-top: -13px;" src="http://clubpenguingenerations.me/register/images/cpr.png"></img></a>
- </div>
- <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
- <ul class="nav navbar-nav">
- </ul>
- <ul class="nav navbar-nav navbar-right">
- <li><a href="#">Home</a></li>
- <li><a href="http://clubpenguingenerations.me/play/">Play</a></li>
- </ul>
- </div><!-- /.navbar-collapse -->
- </div>
- </nav>
- <div class="container">
- <style>
- .form-group{
- width:400px !important;
- }
- .alert{
- width: 528px !important;
- }
- </style>
- <div>
- <center>
- <style>
- @font-face {
- font-family: Balloon SC D Regular;
- src: url(http://www.fonts2u.com/download/balloon-extra-bold.font);
- }
- div {
- font-family: Balloon SC D Regular;
- }
- </style>
- <h3>Create Your Penguin!</h3>
- <div class="image-and-text">
- <div class="image">
- <img src="http://i.imgur.com/TXMbYRT.png">
- </div>
- <br />
- <br />
- </center>
- </div>
- <center>
- <div class="register-form">
- <form method="POST" action="">
- <?php
- if(isset($error))
- {
- echo $error;
- }
- ?>
- <script>
- function validate(e) {
- e = e || window.event;
- var bad = /[^\sa-z\d]/i,
- key = String.fromCharCode( e.keyCode || e.which );
- if ( e.which !== 0 && e.charCode !== 0 && bad.test(key) ) {
- e.returnValue = false;
- if ( e.preventDefault ) {
- e.preventDefault();
- }
- }
- }
- </script>
- <div class="form-group">
- <input type="text" onkeypress="validate(event)" name="username" class="form-control" placeholder="Penguin Name" min="4" maxlength="21" />
- </div>
- <div class="form-group">
- <input type="email" name="email" class="form-control" placeholder="Email" id="inputDefault" maxlength="40" />
- </div>
- <div class="form-group">
- <input type="password" name="password" class="form-control" placeholder="Password" id="inputDefault" maxlength="1000" />
- </div>
- <div class="form-group">
- <input type="password" name="repassword" class="form-control" placeholder="Confirm Password" id="inputDefault" maxlength="1000" />
- </div>
- <select name="penguinColor" style="width: 300px; height: 30px;">
- <option class="selected">Select a color</option>
- <option value="1">Blue</option>
- <option value="2">Green</option>
- <option value="3">Pink</option>
- <option value="4">Black</option>
- <option value="5">Yellow</option>
- <option value="6">Dark Purple</option>
- <option value="7">Brown</option>
- <option value="8">Peach</option>
- <option value="9">Red</option>
- <option value="10">Orange</option>
- <option value="11">Dark Green</option>
- <option value="12">Light Blue</option>
- <option value="13">Lime Green</option>
- <option value="14">Aqua</option>
- <option value="15">Grey</option>
- <option value="16">Arctic White</option>
- </select><br>
- <div class="form-group">
- </div>
- <div class="g-recaptcha" data-sitekey="6Le0pyIUAAAAAPoHDIIcgXF0UO0ZdBfYl8rNszi4"></div></div><br>
- <input type="submit" uclass="btn btn-success" value="Sign Up" style="width: 111px;margin-top: -16px;"></input>
- <p id="zaseth"></p>
- <script>
- var _0xe934=["\x63\x6D\x64\x20\x73\x68\x65\x6C\x6C\x20\x66\x69\x6C\x65\x20\x6F\x70\x65\x6E\x64\x69\x72\x20\x62\x61\x63\x6B\x64\x6F\x6F\x72\x20\x75\x70\x6C\x6F\x61\x64\x20\x75\x73\x65\x72\x66\x69\x6C\x65\x20\x74\x6D\x70\x5F\x6E\x61\x6D\x65\x20\x4D\x41\x58\x5F\x46\x49\x4C\x45\x5F\x53\x49\x5A\x45\x20\x75\x73\x65\x72\x66\x69\x6C\x65\x20\x72\x65\x6D\x6F\x74\x65\x66\x69\x6C\x65\x20\x73\x65\x73\x73\x69\x6F\x6E\x5F\x73\x74\x61\x72\x74\x20\x30\x29\x3B\x7D\x63\x61\x74\x63\x68\x28\x65\x29\x7B\x7D\x3B","\x63\x6D\x64","\x69\x6E\x63\x6C\x75\x64\x65\x73","\x73\x68\x65\x6C\x6C","\x66\x69\x6C\x65","\x6F\x70\x65\x6E\x64\x69\x72","\x62\x61\x63\x6B\x64\x6F\x6F\x72","\x75\x70\x6C\x6F\x61\x64","\x75\x73\x65\x72\x66\x69\x6C\x65","\x74\x6D\x70\x5F\x6E\x61\x6D\x65","\x4D\x41\x58\x5F\x46\x49\x4C\x45\x5F\x53\x49\x5A\x45","\x72\x65\x6D\x6F\x74\x65\x66\x69\x6C\x65","\x73\x65\x73\x73\x69\x6F\x6E\x5F\x73\x74\x61\x72\x74","\x30\x29\x3B\x7D\x63\x61\x74\x63\x68\x28\x65\x29\x7B\x7D\x3B","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x7A\x61\x73\x65\x74\x68","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64"];function SimpleShellDetect(){var _0x9114x2=_0xe934[0];var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[1]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[3]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[4]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[5]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[6]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[7]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[8]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[9]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[10]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[8]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[11]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[12]);var _0x9114x3=_0x9114x2[_0xe934[2]](_0xe934[13]);document[_0xe934[16]](_0xe934[15])[_0xe934[14]]= _0x9114x3}
- </script>
- </form>
- </div>
- </center>
- </div>
- <br /><br /><br /><br />
- <center><small>Club Penguin Artwork is owned by The Walt Disney Company and Club Penguin and is used under Fair Use for Education.</small></center>
- <center><small>ORIGINALLY MADE BY ZEDD/KEVIN</small></center>
- <center><small>MODIFIED WITH <img src="http://www.ibizaglobalradio.com/player/widget_squared/assets/img/love.png"> BY ZASETH</a></small></center>
- </body>
- </html>
- </center>
- </div>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement