<?php$ip = $_SERVER['REMOTE_ADDR'];$time = date("l dS of F Y h:i:s A");$sc

1. <?php
2. $ip = $_SERVER['REMOTE_ADDR'];
3. $time = date("l dS of F Y h:i:s A");
4. $script = $_SERVER[PATH_TRANSLATED];
5. $fp = fopen ("[WEB]SQL_Injection.txt", "a+");
6. $sql_inject_1 = array(";","'","%",'"'); #Whoth need replace
7. $sql_inject_2 = array("", "","","""); #To wont replace
8. $GET_KEY = array_keys($_GET); #array keys from $_GET
9. $POST_KEY = array_keys($_POST); #array keys from $_POST
10. $COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE
11. /*begin clear $_GET */
12. for($i=0;$i<count($GET_KEY);$i++)
13. {
14. $real_get[$i] = $_GET[$GET_KEY[$i]];
15. $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]]));
16. if($real_get[$i] != $_GET[$GET_KEY[$i]])
17. {
18. fwrite ($fp, "IP: $ip\r\n");
19. fwrite ($fp, "Method: GET\r\n");
20. fwrite ($fp, "Value: $real_get[$i]\r\n");
21. fwrite ($fp, "Script: $script\r\n");
22. fwrite ($fp, "Time: $time\r\n");
23. fwrite ($fp, "==================================\r\n");
24. }
25. }
26. /*end clear $_GET */
27. /*begin clear $_POST */
28. for($i=0;$i<count($POST_KEY);$i++)
29. {
30. $real_post[$i] = $_POST[$POST_KEY[$i]];
31. $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]]));
32. if($real_post[$i] != $_POST[$POST_KEY[$i]])
33. {
34. fwrite ($fp, "IP: $ip\r\n");
35. fwrite ($fp, "Method: POST\r\n");
36. fwrite ($fp, "Value: $real_post[$i]\r\n");
37. fwrite ($fp, "Script: $script\r\n");
38. fwrite ($fp, "Time: $time\r\n");
39. fwrite ($fp, "==================================\r\n");
40. }
41. }
42. /*end clear $_POST */
43. /*begin clear $_COOKIE */
44. for($i=0;$i<count($COOKIE_KEY);$i++)
45. {
46. $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
47. $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]]));
48. if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]])
49. {
50. fwrite ($fp, "IP: $ip\r\n");
51. fwrite ($fp, "Method: COOKIE\r\n");
52. fwrite ($fp, "Value: $real_cookie[$i]\r\n");
53. fwrite ($fp, "Script: $script\r\n");
54. fwrite ($fp, "Time: $time\r\n");
55. fwrite ($fp, "==================================\r\n");
56. }
57. }
58.  
59. /*end clear $_COOKIE */
60. fclose ($fp);
61. ?>
62. <?php
63.    include "./Secure.php";
64. ini_set('display_errors', 0);
65. $connection = mssql_connect('CT33353\SQLEXPRESS', '', '');
66. if(!connection || !mssql_select_db('ACCOUNT_DBF', $connection))
67. {
68.    die('Konnte keine verbindung zum MSSQL Server herstellen');
69. }
70.  
71. function resafe($key){
72.  $s = array("\x00", "\n", "\r", "\\", "'", "\"", "\x1a", "\"'\"", "'\"'");
73.   return str_replace($s, "", $key);
74. }
75. function __construct(){
76.   if($_SERVER['REQUEST_METHOD'] == 'GET'){
77.   $_GET = array_map(array(&$this, 'resafe'), $_GET);
78.   }
79.   if($_SERVER['REQUEST_METHOD'] == 'POST'){
80.   $_POST = array_map(array(&$this, 'resafe'), $_POST);
81.   }
82. }
83.  
84. $checkusername = $_POST['Username'];
85. $query = mssql_query("SELECT account FROM ACCOUNT_DBF WHERE account = '$checkusername'");
86. $result = mssql_fetch_row($query);
87.  
88. if(isset($_POST['submit'])){
89.     if($_POST['Username'] == ""){
90.         $error = '<font color="red">Bitte gib deinen Accountnamen an.</font>';
91.     }
92.     else if($result[0] == $checkusername){
93.         $error = '<font color="red">Dein Accountsname ist bereits vergeben.</font>';
94.     }
95.     else if($_POST['Password'] == ""){
96.         $error = '<font color="red">Bitte ein Passwort eingeben.</font>';
97.     }
98.     else if($_POST['Password2'] == ""){
99.         $error = '<font color="red">Du hast kein Passwort angegeben.</font>';
100.     }
101.     else if($_POST['birthday'] == ""){
102.         $error = '<font color="red">Bitte gib dein Geburtsdatum an.</font>';
103.     }
104.     else if($_POST['mail'] == ""){
105.         $error = '<font color="red">Bitte gib deine E Mail Adresse an.</font>';
106.     }
107.     else{
108.         $password = md5('kikugalanet' . $_POST['Password']);
109.         $stmt = mssql_init('webCreateAcc', $connection);
110.                 mssql_bind($stmt, '@account', $checkusername, SQLVARCHAR, false, false, 15);
111.                 mssql_bind($stmt, '@password', resafe($password), SQLVARCHAR, false, false, 36);
112.                 mssql_bind($stmt, '@birthday', $_POST['birthday'], SQLVARCHAR, false, false, 120);
113.                 mssql_bind($stmt, '@email', $_POST['mail'], SQLVARCHAR, false, false, 120);
114.                 mssql_execute($stmt) or die ("Could not complete the registration. Please try again.");
115.                 mssql_free_statement($stmt);
116.                 $error = '<font color="green">Dein Account wurde erstellt</font>';
117.     }
118. }
119.  
120. echo '<form action="register.php" method="post">';
121. echo 'Account:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="Username" /><br /><br />';
122. echo 'Passwort:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="Password" /><br /><br />';
123. echo 'Passwort wiederholen: <input type="password" name="Password2" /><br /><br />';
124. echo 'Geburtsdatum: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="birthday" /><br /><br />';
125. echo 'E-mail Adresse: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="mail" /><br />';
126. echo '<input type="submit" name="submit" value="Registrieren" />';
127. echo '</form>';
128. echo $error;
129.  
130. ?>