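<!doctype html>
<html lang="it">
<head>
  <!-- Declare the encoding explicitly so the browser does not guess it:
       escaping and filtering decisions made on the server assume that both
       sides agree on how bytes map to characters. -->
  <meta charset="utf-8">
  <title>Registrazione AncientLonjuMt2</title>
  <!-- Page-wide look: fixed control height, bold italic text, grey form box. -->
  <style>
    input,
    button {
      height: 35px;
      font-size: 16px;
    }

    input {
      padding-left: 2px;
    }

    body,
    table {
      font-size: 16px;
      font-style: italic;
      font-weight: bold;
    }

    form {
      background: silver;
      border: 2px solid #333;
    }
  </style>
</head>
<body>
<center>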
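<?
' Output-encoding example: the same string is harmless or dangerous depending
' on whether it is encoded before it is written into the page.
'
' NOTE(review): this block is Classic ASP (VBScript), while the form on this
' page posts to account_create.php. A PHP interpreter does not run VBScript
' placed inside short open tags - confirm which runtime serves this file. If
' it is PHP, this block gives the PHP code further down no protection.

' Sample markup that contains a script element.
strHTML = "<s" & "cript>alert(document.cookie);</s" & "cript>"

' Code injection: passing strHTML straight to Response.Write sends the markup
' unencoded, so every visitor's browser would run it. That unencoded write has
' been dropped from the page; only the encoded form below is emitted.

' Protected: Server.HtmlEncode turns the markup characters into entities, so
' the browser shows the string as text instead of executing it.
Response.Write(Server.HtmlEncode(strHTML))
?>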
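<?
' FixSQL: escapes a value before it is concatenated into a SQL string literal.
'
'   stringa - the raw value (Null or Empty is treated as an empty string).
'   returns - the value with every single quote doubled and each of the
'             characters % [ ] _ # wrapped in square brackets.
'
' The input is walked once, character by character. A chain of Replace calls
' re-escapes the brackets that the earlier calls inserted (for example "%"
' becomes "[%]" and is then bracketed again), which corrupts the value.
Function FixSQL(stringa)
    Dim testo, risultato, i, carattere

    ' Concatenating with "" turns Null/Empty into a plain empty string.
    testo = stringa & ""
    risultato = ""

    For i = 1 To Len(testo)
        carattere = Mid(testo, i, 1)
        Select Case carattere
            Case "'"
                ' A doubled quote cannot terminate the SQL string literal.
                risultato = risultato & "''"
            Case "%", "[", "]", "_", "#"
                ' Bracketed, the character is matched literally in a pattern.
                risultato = risultato & "[" & carattere & "]"
            Case Else
                risultato = risultato & carattere
        End Select
    Next

    FixSQL = risultato
End Function

' NOTE(review): the bracket escapes look like LIKE-pattern escaping, but the
' query below compares with "=", where the brackets become part of the
' compared value - an ID containing % [ ] _ or # will no longer match. For an
' equality test only the quote doubling matters.
' NOTE(review): escaping by hand is fragile; binding the ID as a parameter
' (for example through an ADODB.Command object) keeps the value out of the
' SQL text altogether.
SQL = "SELECT * FROM tabella WHERE ID = '" & FixSQL(Request("ID")) & "'"
?>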
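<?php
#
# Account registration handler for the form rendered further down this page.
#
# NOTE(review): the database credentials are hard-coded and the password is the
# same word as the user name. Load them from configuration kept outside the web
# root and give this account only the privileges registration needs.
$ip_server = "ip";
$user_database = "ancient";
$password_database = "ancient";

# NOTE(review): the mysql_* extension no longer exists in PHP 7 and later. When
# this page is ported, use mysqli or PDO prepared statements instead of
# building SQL text by hand.
$connessione = mysql_connect($ip_server, $user_database, $password_database);
$db_pronto = $connessione && mysql_select_db('account', $connessione);

$ip = $_SERVER['REMOTE_ADDR'];
$data_creazione = date('Y-m-d H:i:s');

/**
 * Reads one POST field as text.
 *
 * A missing field, or one submitted as an array, yields an empty string. The
 * value is trimmed and then has its angle brackets removed, the same filter
 * the page has always applied to stored values.
 *
 * @param string $nome name of the POST field
 * @return string the filtered value
 */
function campo_registrazione($nome)
{
    if (!isset($_POST[$nome]) || !is_string($_POST[$nome])) {
        return '';
    }
    return str_replace(array('<', '>'), '', trim($_POST[$nome]));
}

/**
 * Encodes a value for output inside HTML text or a quoted attribute.
 *
 * @param string $testo raw value
 * @return string HTML-encoded value
 */
function per_html($testo)
{
    return htmlspecialchars($testo, ENT_QUOTES);
}

if (isset($_POST['user'])) {
    // Values are kept raw here. Each one is escaped at the point of use: with
    // mysql_real_escape_string() for SQL and per_html() for HTML. addslashes()
    // is not an SQL escaping function, and removing < and > alone does not
    // make a value safe to print (quotes and & still pass through).
    $user = campo_registrazione('user');
    $password = campo_registrazione('password');
    $password2 = campo_registrazione('password2');
    $email = campo_registrazione('email');
    // NOTE(review): the form promises "Massimo 9 Caratteri" for the account
    // name and the password, but nothing on the server enforces a length.

    if (!$db_pronto) {
        echo "Errore : Database Non Disponibile.";
    } elseif ($user === '' || $password === '' || $email === '') {
        // The previous test was strlen($user && $password && $email), which
        // measures a boolean and also rejected the literal value "0".
        echo "Errore : Completa La Registrazione.";
    } elseif ($password !== $password2) {
        // Strict comparison: with == two different numeric-looking strings
        // (such as "1e3" and "1000") compare as equal.
        echo "Errore : Password Errata, Ripetila Correttamente.";
    } else {
        // NOTE(review): mysql_real_escape_string() honours the connection
        // character set only when it was set with mysql_set_charset();
        // confirm which charset the account database uses.
        $user_sql = mysql_real_escape_string($user, $connessione);
        $password_sql = mysql_real_escape_string($password, $connessione);
        $email_sql = mysql_real_escape_string($email, $connessione);
        $ip_sql = mysql_real_escape_string($ip, $connessione);

        $check_email = mysql_query("SELECT email FROM account where email='$email_sql';", $connessione);
        $check = $check_email ? mysql_fetch_object($check_email) : false;

        if ($check) {
            echo "Errore : Questa Email E' Gia Usata.";
        } else {
            // NOTE(review): rand() is not a cryptographically secure
            // generator. If this code is what authorises deleting an
            // account, generate it from a CSPRNG.
            $codice = (int) rand(1000000, 9999999);

            // Expiry timestamps written for the account's timed bonuses.
            $pagine_magazzino = '2080-00-00 00:00:00';
            $terza_mano = '2080-00-00 00:00:00';
            $doppia_possibilita_pesca = '2080-00-00 00:00:00';
            $punti_amore = '2080-00-00 00:00:00';
            $drop_yang_doppio = '2080-00-00 00:00:00';

            // NOTE(review): real_name receives the password in clear text, so
            // anyone who can read the account table can read every password.
            // Remove this once nothing else reads that column.
            // NOTE(review): MySQL's PASSWORD() is not a password-hashing
            // function; it is presumably kept because the login side expects
            // this format - confirm before changing it.
            $query = "INSERT INTO account (Login,password,real_name,social_id,email,address,create_time,safebox_expire,autoloot_expire,fish_mind_expire,marriage_fast_expire,money_drop_rate_expire) VALUES('$user_sql',password('$password_sql'),'$password_sql','$codice','$email_sql','$ip_sql','$data_creazione','$pagine_magazzino','$terza_mano','$doppia_possibilita_pesca','$punti_amore','$drop_yang_doppio');";

            if (mysql_query($query, $connessione)) {
                // Everything printed back to the browser is HTML-encoded.
                $user_html = per_html($user);
                $password_html = per_html($password);
                $email_html = per_html($email);
                // NOTE(review): the page shows the password back in clear
                // text; consider leaving it out of the confirmation.
                echo "OK : L'Account E' Stato Creato Con Successo!<br>
<table border='2' align='center'>
<tr>
<td>Nome Account :</td><td>$user_html</td>
</tr>
<tr>
<td>Password :</td><td>$password_html</td>
</tr>
<tr>
<td>Email :</td><td>$email_html</td>
</tr>
<tr>
<td>Codice Cancellazione :</td><td>$codice</td>
</tr>
</table>";
            } else {
                // Any INSERT failure is reported as a duplicate account name.
                echo "Errore : Questo Nome Account E' Gia Usato.";
            }
        }
    }
}
?>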
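<!-- Registration form. The maxlength, required and type attributes only help
     honest users; the browser can be bypassed, so account_create.php must
     apply the same limits to whatever it receives. -->
<form action="account_create.php" method="post">
  <table>
    <tr>
      <td><label for="user">Nome Account :</label></td>
      <td><input id="user" name="user" size="30" maxlength="9" autocomplete="username" required></td>
      <td>Massimo 9 Caratteri</td>
    </tr>
    <tr>
      <td><label for="password">Password :</label></td>
      <td><input id="password" name="password" type="password" size="30" maxlength="9" autocomplete="new-password" required></td>
      <td>Massimo 9 Caratteri</td>
    </tr>
    <tr>
      <td><label for="password2">Ripeti Password :</label></td>
      <td><input id="password2" name="password2" type="password" size="30" maxlength="9" autocomplete="new-password" required></td>
      <td>Ripeti La Password</td>
    </tr>
    <tr>
      <td><label for="email">Email :</label></td>
      <td><input id="email" name="email" type="email" size="30" autocomplete="email" required></td>
      <td>Possibilmente Vera</td>
    </tr>
  </table>
  <button type="submit">Registra Account</button>
</form>
</center>
</body>
</html>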