For those who use dyeprey cp ae

[buzbee]

Okay so i figured its something i added to my server to help gm's and admins on account control and such

This is a small example, or slightly edited php script for registering a new account
What it actually does is it put the ascii password in AscPassWord, and the md5 password in MD5PassWord
its some very small edits to a great register script

Original

<?php
/* 
RoseCP - Acturus Edition
Copyrigt (C) 2008 dyeprey www.i-code-it.com

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

if (!defined('CWD'))
{
	define('CWD', (($getcwd = getcwd()) ? $getcwd : '.'));
}
session_start();
require (CWD . '/globals.php');
$smarty->assign("name","Registration");


if (!empty($_POST)) {
  $errors = array();
  	if (($rosecp_ae->inject($_POST['uname'])) || ($rosecp_ae->inject($_POST['pass'])) || ($rosecp_ae->inject($_POST['rpass'])) || ($rosecp_ae->inject($_POST['mname'])) || ($rosecp_ae->inject($_POST['email'])))
  	{ 
		  $errors[] = "Invalid Chars (AlphaNumeric Only)";
  	}
  	if (strlen(trim($_POST['uname'])) < 4 || strlen(trim($_POST['uname'])) > 23) 
	{
		$errors[] = "Username Length Not Accepted (4-23 Characters)";
	}
	if ($rosecp_ae->check_uname($_POST['uname']))
	{
		$errors[] = "Username Already Taken";
	}
	if (strlen(trim($_POST['pass'])) < 4 || strlen(trim($_POST['pass'])) > 23) 
	{ 
		$errors[] = "Password Length Not Accepted (4-23 Characters)";
	}
	if (!$rosecp_ae->valid_email($_POST['email'])) 
	{ 
		$errors[] = "Email Address Invalid";
	}
	if ($rosecp_ae->check_email($_POST['email']))
	{
		$errors[] = "Email Address Already Taken";
	}
	if (strcmp($_POST['pass'],$_POST['rpass'])) 
	{ 
		$errors[] = "Passwords Does not Match";
	}
	if (strlen(trim($_POST['mname'])) < 4 || strlen(trim($_POST['mname'])) > 23) 
	{
		$errors[] = "MotherName Length Not Accepted (4-23 Characters)";
	}
	if ((md5($_POST['v_image'])) <> ($_SESSION['image_value']))
	{
		$errors[] = "Verification Does Not Match";
	}
	
	if (!empty($errors)) 
  	{
    	echo 'false';
    	foreach ($errors as $error) 
    	{
      		echo ';' . $error;
    	}
    	exit;
  	}
  	else
  	{
	extract($_POST, EXTR_PREFIX_ALL, "posts"); 
  	$posts_pass = md5($posts_pass);
  	
  	$sql = $rosecp_ae->initDB(1);
	$add = $sql->query("INSERT into UserInfo([Account],[MD5PassWord],[Email],[MailIsConfirm],[memberinfo],[Right],[MotherLName]) 
	VALUES('$posts_uname','$posts_pass','$posts_email','1','2','1','$posts_mname')");
	if ($add)
	{	
		$date = date("F d Y");
		$sql->query("INSERT INTO RCP_Amessages ([To],[From],[title],[message],[date],[flag]) VALUES ('$posts_uname','$message[from]','$message[title]','$message[welcome]','$date','1')");
		echo 'true;<br /><strong><center>Successful... You are now Registered..</center></strong>';
  		unset($_SESSION['image_value']);
  		
  		exit;
	}
	else
	{
		echo 'false;Error: Please Contact Admin[register.php]';
	}
	$sql->dbclose();
	}
}

$smarty->assign("body",$content);
$smarty->assign('messages', array('All Fields are REQUIRED. NO Special Characters'));
$smarty->assign('messages_warning', true);
$smarty->assign("template","reg");
$smarty->display("index.tpl");


?>

edited

<?php
/* 
RoseCP - Acturus Edition
Copyrigt (C) 2008 dyeprey www.i-code-it.com

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

if (!defined('CWD'))
{
	define('CWD', (($getcwd = getcwd()) ? $getcwd : '.'));
}
session_start();
require (CWD . '/globals.php');
$smarty->assign("name","Registration");


if (!empty($_POST)) {
  $errors = array();
  	if (($rosecp_ae->inject($_POST['uname'])) || ($rosecp_ae->inject($_POST['pass'])) || ($rosecp_ae->inject($_POST['rpass'])) || ($rosecp_ae->inject($_POST['mname'])) || ($rosecp_ae->inject($_POST['email'])))
  	{ 
		  $errors[] = "Invalid Chars (AlphaNumeric Only)";
  	}
  	if (strlen(trim($_POST['uname'])) < 4 || strlen(trim($_POST['uname'])) > 23) 
	{
		$errors[] = "Username Length Not Accepted (4-23 Characters)";
	}
	if ($rosecp_ae->check_uname($_POST['uname']))
	{
		$errors[] = "Username Already Taken";
	}
	if (strlen(trim($_POST['pass'])) < 4 || strlen(trim($_POST['pass'])) > 23) 
	{ 
		$errors[] = "Password Length Not Accepted (4-23 Characters)";
	}
	if (!$rosecp_ae->valid_email($_POST['email'])) 
	{ 
		$errors[] = "Email Address Invalid";
	}
	if ($rosecp_ae->check_email($_POST['email']))
	{
		$errors[] = "Email Address Already Taken";
	}
	if (strcmp($_POST['pass'],$_POST['rpass'])) 
	{ 
		$errors[] = "Passwords Does not Match";
	}
	if (strlen(trim($_POST['mname'])) < 4 || strlen(trim($_POST['mname'])) > 23) 
	{
		$errors[] = "MotherName Length Not Accepted (4-23 Characters)";
	}
	if ((md5($_POST['v_image'])) <> ($_SESSION['image_value']))
	{
		$errors[] = "Verification Does Not Match";
	}
	
	if (!empty($errors)) 
  	{
    	echo 'false';
    	foreach ($errors as $error) 
    	{
      		echo ';' . $error;
    	}
    	exit;
  	}
  	else
  	{
	extract($_POST, EXTR_PREFIX_ALL, "posts"); 
  	$posts_pass1 = md5($posts_pass);
  	
  	$sql = $rosecp_ae->initDB(1);
	$add = $sql->query("INSERT into UserInfo([Account],[AscPassWord],[MD5PassWord],[Email],[MailIsConfirm],[memberinfo],[Right],[MotherLName]) 
	VALUES('$posts_uname','$posts_pass','$posts_pass1','$posts_email','1','2','1','$posts_mname')");
	if ($add)
	{	
		$date = date("F d Y");
		$sql->query("INSERT INTO RCP_Amessages ([To],[From],[title],[message],[date],[flag]) VALUES ('$posts_uname','$message[from]','$message[title]','$message[welcome]','$date','1')");
		echo 'true;<br /><strong><center>Successful... You are now Registered..</center></strong>';
  		unset($_SESSION['image_value']);
  		
  		exit;
	}
	else
	{
		echo 'false;Error: Please Contact Admin[register.php]';
	}
	$sql->dbclose();
	}
}

$smarty->assign("body",$content);
$smarty->assign('messages', array('All Fields are REQUIRED. NO Special Characters'));
$smarty->assign('messages_warning', true);
$smarty->assign("template","reg");
$smarty->display("index.tpl");


?>

This is the small amount of code that i edited
edits are shown in red

	extract($_POST, EXTR_PREFIX_ALL, "posts"); 
  	[COLOR="Red"]$posts_pass1[/COLOR] = md5($posts_pass);
  	
  	$sql = $rosecp_ae->initDB(1);
	$add = $sql->query("INSERT into UserInfo([Account],[COLOR="Red"][AscPassWord][/COLOR],[MD5PassWord],[Email],[MailIsConfirm],[memberinfo],[Right],[MotherLName]) 
	VALUES('$posts_uname','$posts_pass'[COLOR="Red"],'$posts_pass1'[/COLOR],'$posts_email','1','2','1','$posts_mname')");

Now when you go into your enterprise manager or what ever you use to look at your sql,
you will notice that all newly registered users will show their ascii pass as well as their md5 pass


All code is dyeprey's, or however you spell it
i have a few added features in my site,
i will share more when i have time

i did not write this script, just edited it

If this helped anyone, your welcome

 

[MDFK]

i like the relase but i hate someone else knowing my proper password...

 

[daniel369]

what's the point of this script
i don't really get it

EDIT:
ahhhh
nice nice , i'll use it
you want any credits for this script?

 

[buzbee]

no credit to me

this was mostly done by dyeprey
i just added a small function to enable the admin,
or db owner to see ascii form of the pass as well

 

[R]

lol this is just sick, pleas leav your players some privatesy

 

[buzbee]

well there is a reason you are an admin

it is because people should know to trust you with their private information
such as passwords
administrators have always had access to a users password,
even in osirose it shows the actual passwords and the md5 encrypted password

 

[Regain]

lol, i wouldnt use this for my own server.
-If someone is able to hack into the db via sql injection
or rdp then your players are pretty much screwed since a lot of people
use the same passwords for everything ;]
-You do not need to know the passwords of players, why would you need to? [ unless you're planning to use this info for something ]
-i would say it's pretty pointless for 'honest' admins etc because i dont think a lot of people would
join your rose if they know you're going to log their passwords ;]
i would only use this for educational purposes and apply it to phishers etc but they're stupid.

 

[☠RockAngeL☠]

Thanks for the guide but i agree with Regain