Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php include("../templates/connect.php");
- $username = mysql_real_escape_string($_POST['username']);
- $password1= mysql_real_escape_string($_POST['password1']);
- $password2= mysql_real_escape_string($_POST['password2']);
- $email=mysql_real_escape_String($_POST['email']);
- $user_ip=$_SERVER['REMOTE_ADDR'];
- //---- need to make it so textboxes only allow letters and numbers for username, and password
- //---- this checks the variables against the database
- $sql = "SELECT * FROM usersxyz WHERE USERNAME='$username'";
- $check=mysql_query($sql);
- $res=mysql_num_rows($check);
- $check2=mysql_query("SELECT * FROM usersxyz WHERE EMAIL='$email'");
- $res2=mysql_num_rows($check2);
- $check3=mysql_query("SELECT * FROM usersxyz WHERE IPADDY='$user_ip'");
- $res3=mysql_num_rows($check3);
- if($res > 0)
- {
- header("Location: /homepage/registration.php?username=used");
- }
- else if($res2 > 0)
- {
- header("Location: /homepage/registration.php?email=used");
- }
- else if(!preg_match('/.{2,20}@{1}.{2,20}\.{1}.{2,10}/', $email))
- {
- header("Location: /homepage/registration.php?email=invalid");
- }
- else if($password1!=$password2)
- {
- header("Location: /homepage/registration.php?password=unmatch");
- }
- else if(empty($username))
- {
- header("Location: /homepage/registration.php?username=empty");
- }
- else if(empty($password1))
- {
- header("Location: /homepage/registration.php?password=empty");
- }
- else if(empty($email))
- {
- header("Location: /homepage/registration.php?email=empty");
- }
- ELSE
- {
- $puppy=mysql_query("INSERT INTO usersxyz (USERNAME, PASSWORD, EMAIL, IPADDY) VALUES('$username', '$password1', '$email', '$user_ip')") or die(mysql_error());
- mysql_query("INSERT INTO logs (TYPE, CONTENT) VALUES ('2', 'User $username has registered.')") or die(mysql_error());
- if($res3 > 0) { mysql_query("INSERT INTO adminwarnings (SUBJECT, CONTENT) VALUES ('Possible Multi', 'A user with the IP $user_ip has recently registered. This IP has been used in multiple registrations, and could possibly be a multi. Please review logs, and invistigate possible misconduct')");}
- if (preg_match('~[^a-z0-9]~i',$username)) { mysql_query("INSERT INTO adminwarnings (SUBJECT, CONTENT) VALUES ('Possible Hack attempt', 'A user with IP $user_ip has registtered with the username: $username . This could possibly be an SQL Injection attempt. Please investigate.')"); }
- header("location: ../index.php?reg=1");
- }
- ?>
Add Comment
Please, Sign In to add comment