Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $ip = $_SERVER['REMOTE_ADDR'];
- $time = date("l dS of F Y h:i:s A");
- $script = $_SERVER[PATH_TRANSLATED];
- $fp = fopen ("[WEB]SQL_Injection.txt", "a+");
- $sql_inject_1 = array(";","'","%",'"'); #Whoth need replace
- $sql_inject_2 = array("", "","","""); #To wont replace
- $GET_KEY = array_keys($_GET); #array keys from $_GET
- $POST_KEY = array_keys($_POST); #array keys from $_POST
- $COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE
- /*begin clear $_GET */
- for($i=0;$i<count($GET_KEY);$i++)
- {
- $real_get[$i] = $_GET[$GET_KEY[$i]];
- $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]]));
- if($real_get[$i] != $_GET[$GET_KEY[$i]])
- {
- fwrite ($fp, "IP: $ip\r\n");
- fwrite ($fp, "Method: GET\r\n");
- fwrite ($fp, "Value: $real_get[$i]\r\n");
- fwrite ($fp, "Script: $script\r\n");
- fwrite ($fp, "Time: $time\r\n");
- fwrite ($fp, "==================================\r\n");
- }
- }
- /*end clear $_GET */
- /*begin clear $_POST */
- for($i=0;$i<count($POST_KEY);$i++)
- {
- $real_post[$i] = $_POST[$POST_KEY[$i]];
- $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]]));
- if($real_post[$i] != $_POST[$POST_KEY[$i]])
- {
- fwrite ($fp, "IP: $ip\r\n");
- fwrite ($fp, "Method: POST\r\n");
- fwrite ($fp, "Value: $real_post[$i]\r\n");
- fwrite ($fp, "Script: $script\r\n");
- fwrite ($fp, "Time: $time\r\n");
- fwrite ($fp, "==================================\r\n");
- }
- }
- /*end clear $_POST */
- /*begin clear $_COOKIE */
- for($i=0;$i<count($COOKIE_KEY);$i++)
- {
- $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
- $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]]));
- if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]])
- {
- fwrite ($fp, "IP: $ip\r\n");
- fwrite ($fp, "Method: COOKIE\r\n");
- fwrite ($fp, "Value: $real_cookie[$i]\r\n");
- fwrite ($fp, "Script: $script\r\n");
- fwrite ($fp, "Time: $time\r\n");
- fwrite ($fp, "==================================\r\n");
- }
- }
- /*end clear $_COOKIE */
- fclose ($fp);
- ?>
- <?php
- include "./Secure.php";
- ini_set('display_errors', 0);
- $connection = mssql_connect('CT33353\SQLEXPRESS', '', '');
- if(!connection || !mssql_select_db('ACCOUNT_DBF', $connection))
- {
- die('Konnte keine verbindung zum MSSQL Server herstellen');
- }
- function resafe($key){
- $s = array("\x00", "\n", "\r", "\\", "'", "\"", "\x1a", "\"'\"", "'\"'");
- return str_replace($s, "", $key);
- }
- function __construct(){
- if($_SERVER['REQUEST_METHOD'] == 'GET'){
- $_GET = array_map(array(&$this, 'resafe'), $_GET);
- }
- if($_SERVER['REQUEST_METHOD'] == 'POST'){
- $_POST = array_map(array(&$this, 'resafe'), $_POST);
- }
- }
- $checkusername = $_POST['Username'];
- $query = mssql_query("SELECT account FROM ACCOUNT_DBF WHERE account = '$checkusername'");
- $result = mssql_fetch_row($query);
- if(isset($_POST['submit'])){
- if($_POST['Username'] == ""){
- $error = '<font color="red">Bitte gib deinen Accountnamen an.</font>';
- }
- else if($result[0] == $checkusername){
- $error = '<font color="red">Dein Accountsname ist bereits vergeben.</font>';
- }
- else if($_POST['Password'] == ""){
- $error = '<font color="red">Bitte ein Passwort eingeben.</font>';
- }
- else if($_POST['Password2'] == ""){
- $error = '<font color="red">Du hast kein Passwort angegeben.</font>';
- }
- else if($_POST['birthday'] == ""){
- $error = '<font color="red">Bitte gib dein Geburtsdatum an.</font>';
- }
- else if($_POST['mail'] == ""){
- $error = '<font color="red">Bitte gib deine E Mail Adresse an.</font>';
- }
- else{
- $password = md5('kikugalanet' . $_POST['Password']);
- $stmt = mssql_init('webCreateAcc', $connection);
- mssql_bind($stmt, '@account', $checkusername, SQLVARCHAR, false, false, 15);
- mssql_bind($stmt, '@password', resafe($password), SQLVARCHAR, false, false, 36);
- mssql_bind($stmt, '@birthday', $_POST['birthday'], SQLVARCHAR, false, false, 120);
- mssql_bind($stmt, '@email', $_POST['mail'], SQLVARCHAR, false, false, 120);
- mssql_execute($stmt) or die ("Could not complete the registration. Please try again.");
- mssql_free_statement($stmt);
- $error = '<font color="green">Dein Account wurde erstellt</font>';
- }
- }
- echo '<form action="register.php" method="post">';
- echo 'Account: <input type="text" name="Username" /><br /><br />';
- echo 'Passwort: <input type="password" name="Password" /><br /><br />';
- echo 'Passwort wiederholen: <input type="password" name="Password2" /><br /><br />';
- echo 'Geburtsdatum: <input type="text" name="birthday" /><br /><br />';
- echo 'E-mail Adresse: <input type="text" name="mail" /><br />';
- echo '<input type="submit" name="submit" value="Registrieren" />';
- echo '</form>';
- echo $error;
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement