- <?php
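/**
 * Opens a SQL Server connection with the legacy mssql_* functions and selects
 * a database on it.
 *
 * The connection resource is not stored: later mssql_* calls that omit a link
 * argument use the most recently opened link.
 *
 * NOTE(review): the mssql extension was removed in PHP 7.0. Moving to a driver
 * with prepared statements would let callers bind values instead of building
 * SQL strings.
 */
class MssqlConnect {
    /** Database selected by the constructor. */
    public $db_name = 'ACCOUNT_DBF';

    /**
     * Connects and then selects $this->db_name; either step ends the request on failure.
     *
     * @param string $db_server   Server/instance name.
     * @param string $db_username Login name.
     * @param string $db_password Login password.
     */
    public function __construct($db_server, $db_username, $db_password) {
        $this->Connect($db_server, $db_username, $db_password);
        $this->SelectDatabase($this->db_name);
    }

    /**
     * Opens the connection, or terminates the request with a generic message.
     *
     * The message deliberately carries no driver detail, so nothing about the
     * server is disclosed to the client.
     */
    public function Connect($db_server, $db_username, $db_password) {
        mssql_connect($db_server, $db_username, $db_password) or die("<br>Something went wrong connecting to mssql.");
    }

    /**
     * Selects the database named by the argument.
     *
     * The previous body ignored $database_name and always selected
     * $this->db_name; the constructor passes that same value, so existing
     * behaviour is unchanged while direct callers now get what they ask for.
     *
     * @param string $database_name Database to make current on the open link.
     */
    public function SelectDatabase($database_name) {
        mssql_select_db($database_name) or die("<br>Something went wrong connecting to database");
    }
}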
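/**
 * Validates a registration form submission and inserts the new account.
 *
 * The parent constructor is not called (as in the original), so this class
 * relies on a connection having been opened elsewhere before it is built.
 */
class RegisterUser extends MssqlConnect {
    public $username;
    public $password;
    public $repeatpassword;
    public $email;

    /**
     * Runs the registration immediately with the supplied form values.
     *
     * The earlier call to SQLInjection() was dropped: RegisterAccount()
     * overwrote everything it produced, so it gave no protection while
     * suggesting that it did.
     */
    public function __construct($username, $password, $repeatpassword, $email) {
        $this->RegisterAccount($username, $password, $repeatpassword, $email);
    }

    /**
     * Strips a fixed list of SQL keywords and quote characters, then tags and
     * surrounding whitespace, and stores the results on the instance.
     *
     * Kept only for backward compatibility. It is not an injection defence:
     * removal is a single pass, so deleting an inner match can leave a banned
     * token behind, and it silently alters legitimate input (a password
     * containing "asc" or "like" is changed without the user knowing).
     * RegisterAccount() validates and escapes instead.
     */
    public function SQLInjection($username, $password, $repeatpassword, $email) {
        $banned_strings = array(
            "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace",
            "handler", "like", " as ", "or ", "procedure", "limit", "order by", "group by", "asc", "desc",
            "'", '"', "*", "`"
        );
        $this->username = strip_tags(trim(str_replace($banned_strings, '', $username)));
        $this->password = strip_tags(trim(str_replace($banned_strings, '', $password)));
        $this->repeatpassword = strip_tags(trim(str_replace($banned_strings, '', $repeatpassword)));
        $this->email = strip_tags(trim(str_replace($banned_strings, '', $email)));
    }

    /**
     * Validates the four fields and, when they pass, inserts the account and
     * its detail row, echoing a status message either way.
     *
     * Changes from the original:
     *  - works on its arguments rather than re-reading $_POST;
     *  - non-string input (e.g. an array-valued form field) counts as missing;
     *  - passwords are compared with ===, because == treats numeric-looking
     *    strings such as "1e3" and "1000" as equal;
     *  - the e-mail address, previously interpolated into the INSERT
     *    unchecked, is validated and has single quotes doubled.
     *
     * @param mixed $username       Requested account name (letters and digits only).
     * @param mixed $password       Password (letters and digits only).
     * @param mixed $repeatpassword Password confirmation.
     * @param mixed $email          Contact address.
     */
    public function RegisterAccount($username, $password, $repeatpassword, $email) {
        $this->username = is_string($username) ? $username : '';
        $this->password = is_string($password) ? $password : '';
        $this->repeatpassword = is_string($repeatpassword) ? $repeatpassword : '';
        $this->email = is_string($email) ? $email : '';
        $isuse = 'J';

        if (empty($this->username) || empty($this->password) || empty($this->repeatpassword) || empty($this->email)) {
            echo "Please fill in <b>All</b> of the fields.";
            return;
        }
        if (!ctype_alnum($this->username) || !ctype_alnum($this->password) || !ctype_alnum($this->repeatpassword)) {
            echo "Please only use letters and numbers.";
            return;
        }
        if ($this->password !== $this->repeatpassword) {
            echo "Your password and repeated password do not match. Try again.";
            return;
        }
        if ($this->username === $this->password) {
            echo "Your username and password must be different.";
            return;
        }
        if (filter_var($this->email, FILTER_VALIDATE_EMAIL) === false) {
            echo "Please enter a valid email address.";
            return;
        }

        // A syntactically valid address may still contain a single quote, and
        // mssql_query() cannot bind parameters, so double quotes for the T-SQL literal.
        $email_sql = str_replace("'", "''", $this->email);

        // Safe to interpolate only because both passed ctype_alnum() above.
        $account = $this->username;
        $secret = $this->password;

        // NOTE(review): the password is written as submitted into password,
        // OldPassword and TempPassword. It should be hashed before storage;
        // which format the consumer of ACCOUNT_TBL expects cannot be told
        // from this file, so confirm before changing it.
        // NOTE(review): no check for an existing account is visible here, and
        // the detail row carries no account column; verify against the schema.
        $query = mssql_query("INSERT INTO dbo.ACCOUNT_TBL (account, password, isuse, member, id_no1, id_no2, realname, reload, OldPassword, TempPassword, cash) VALUES ('$account', '$secret', '$isuse', '$account', '1', '2', '$account', 'false', '$secret', '$secret', '0')") or die("Something went wrong insertting the info into the table.");
        $query_email = mssql_query("INSERT INTO dbo.ACCOUNT_TBL_DETAIL (email, isuse) VALUES('$email_sql', '$isuse')") or die("Something went wrong with insertting information");

        // Escaped for HTML even though the value is alphanumeric, so the
        // output stays safe if the username rule is ever relaxed.
        echo "You have been successfully registered with the username: <b>".htmlspecialchars($this->username, ENT_QUOTES)."</b>. You may now <a href='login.php'>login</a> and play.";
    }
}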
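// Handle the registration form only when it was actually submitted; isset()
// avoids an undefined-index notice on a plain GET of this page.
$submit = isset($_POST['submit']) ? $_POST['submit'] : null;
if ($submit) {
    // Credentials come from the environment instead of being written into the
    // source. The variable names below are constructed placeholders; use
    // whatever the deployment defines.
    // NOTE(review): this script previously connected as `sa` with the password
    // in the file. That password has been published and should be rotated, and
    // the page should use a dedicated login limited to INSERT on the two
    // account tables rather than the sysadmin account.
    $db_server = getenv('REGISTER_DB_SERVER');
    $db_username = getenv('REGISTER_DB_USER');
    $db_password = getenv('REGISTER_DB_PASSWORD');
    if ($db_server === false || $db_username === false || $db_password === false) {
        // Fail closed with the same generic message a connection error gives.
        die("<br>Something went wrong connecting to mssql.");
    }

    $db_connect = new MssqlConnect($db_server, $db_username, $db_password);
    $register = new RegisterUser(
        isset($_POST['username']) ? $_POST['username'] : '',
        isset($_POST['password']) ? $_POST['password'] : '',
        isset($_POST['repeatpassword']) ? $_POST['repeatpassword'] : '',
        isset($_POST['email']) ? $_POST['email'] : ''
    );
}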
- ?>