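<?php
// Connection settings for the registration page's SQL Server back end.
// NOTE(review): the login is 'sa' (the server's sysadmin account) and the password is
// hard-coded in a file that also renders HTML; a secret committed to source should be
// treated as exposed and rotated, and a login limited to the account database, read
// from configuration outside the web root, is preferable.
define('MSSQL_HOST', '127.0.0.1');
define('MSSQL_USER', 'sa');
define('MSSQL_PASS', 'qweQWE123');

// One ODBC connection is shared by every query on this page.
$mssql = odbc_connect('Driver={SQL Server};Server=' . MSSQL_HOST . ';', MSSQL_USER, MSSQL_PASS);
if ($mssql === false) {
    // Without this guard the page would continue with $mssql === false and every
    // odbc_exec() below would fail. Keep the driver's message in the server log only.
    error_log('register.php: ODBC connection failed: ' . odbc_errormsg());
    exit('Registration is temporarily unavailable.');
}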
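/**
 * Legacy input filter applied to every request value before it reaches SQL or HTML.
 *
 * The value is HTML-entity-encoded first; then, unless the result is purely
 * alphanumeric, the characters ';', '%' and "'" are deleted from it. The second
 * step also removes the ';' that terminates the entities produced by the first
 * step ('<' ends up as '&lt' rather than '&lt;'), so the stored form is lossy.
 *
 * This is a character blacklist, not an escape routine, and is not a substitute
 * for bound parameters (odbc_prepare/odbc_execute) at the call site. It is kept
 * because the values it produces are what the account table already holds.
 *
 * @param string|array $str request value; arrays (e.g. ?x[]=1) are filtered element-wise
 * @return string|array filtered value with the same shape as the input
 */
function mssql_escape_string($str)
{
    // A request value can be a nested array; htmlentities() on an array is a
    // TypeError on PHP 8, so recurse instead of crashing.
    if (is_array($str)) {
        return array_map('mssql_escape_string', $str);
    }
    $encoded = htmlentities((string) $str);
    // A purely alphanumeric value cannot contain any blacklisted character.
    if (ctype_alnum($encoded)) {
        return $encoded;
    }
    // None of the removed characters has a case, so str_replace matches the
    // original str_ireplace exactly.
    return str_replace(array(';', '%', "'"), '', $encoded);
}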
// Rewrite every request value in place through the legacy filter so that all later
// reads of $_GET / $_POST see the filtered form (array_map keeps the string keys).
$_GET = array_map('mssql_escape_string', $_GET);
$_POST = array_map('mssql_escape_string', $_POST);
// The username is read unconditionally further down, so guarantee the key exists.
$_POST['reg_username'] = $_POST['reg_username'] ?? '';
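// Select the account database for this connection, then look the username up with
// a bound parameter instead of splicing it into the SQL text.
odbc_exec($mssql, 'USE [AT_AccountDB]');
// The value goes through the same filter as before (on top of the request-wide pass
// above) so the comparison matches what the create procedure stores. The filter
// removes every "'", which also keeps the value clear of odbc_execute()'s rule that
// a parameter both starting and ending with a single quote is read as a file name.
$checkacc = odbc_prepare($mssql, 'SELECT COUNT(*) as count FROM [dbo].[tbl_Account] WHERE ID = ?');
if ($checkacc === false || !odbc_execute($checkacc, array(mssql_escape_string($_POST['reg_username'])))) {
    // Same failure value as odbc_exec() returned before; the reason is logged, not shown.
    error_log('register.php: account lookup failed: ' . odbc_errormsg($mssql));
    $checkacc = false;
}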
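$errors = array();
// Read both fields once; '' stands in for a missing key. Compare against '' rather
// than empty(): empty('0') is true, which reported a literally entered "0" as a
// missing field instead of a too-short one.
$regUsername = $_POST['reg_username'] ?? '';
$regPassword = $_POST['reg_password'] ?? '';
if ($regUsername === '' || $regPassword === '') {
    $errors[] = 'You must fill out all fields.';
}
// The lookup handle is false when the query failed; odbc_result(false, ...) is a
// TypeError on PHP 8, so a failed lookup blocks registration instead of crashing
// or letting a duplicate through.
if ($regUsername !== '') {
    if ($checkacc === false) {
        $errors[] = 'Unable to verify the username right now, please try again later.';
    } elseif ((int) odbc_result($checkacc, 'count') > 0) {
        // The username was entity-encoded by the request filter at the top of the file.
        $errors[] = '' . $regUsername . ' is already in use.';
    }
}
// strlen() counts bytes of the filtered value, so an entity-encoded or multi-byte
// character counts as several; this matches the original limits.
$usernameLength = strlen($regUsername);
if ($regUsername !== '' && ($usernameLength > 16 || $usernameLength < 6)) {
    $errors[] = 'Usernames must be between 6 - 16 characters.';
}
$passwordLength = strlen($regPassword);
if ($regPassword !== '' && ($passwordLength > 16 || $passwordLength < 6)) {
    $errors[] = 'Passwords must be between 6 - 16 characters.';
}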
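if (array_key_exists('reg_submit', $_POST)) {
    if (count($errors) > 0) {
        // Each message is either a literal or embeds the username, which the request
        // filter at the top of the file has already entity-encoded.
        echo '<div class="fail">';
        foreach ($errors as $error) {
            echo $error . '<br/>';
        }
        echo '</div>';
    } else {
        // Call the procedure through the ODBC call escape with bound parameters instead
        // of splicing the values into the EXEC text. The same filter is applied as before
        // so stored IDs keep their historical form; it removes every "'", which also
        // keeps the values clear of odbc_execute()'s single-quoted-file-name rule.
        // NOTE(review): whether rasp_CreateAtlanticaAccount hashes the password before
        // storing it is not visible here — confirm on the database side.
        $create = odbc_prepare($mssql, '{CALL [dbo].[rasp_CreateAtlanticaAccount](?, ?)}');
        $created = $create !== false && odbc_execute($create, array(
            mssql_escape_string($_POST['reg_username']),
            mssql_escape_string($_POST['reg_password']),
        ));
        if ($created) {
            echo '<div class="success">Your account has been successfully created.</div>';
        } else {
            // Previously success was reported unconditionally, even when the call failed.
            error_log('register.php: rasp_CreateAtlanticaAccount failed: ' . odbc_errormsg($mssql));
            echo '<div class="fail">Your account could not be created, please try again later.</div>';
        }
    }
}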
?>
<!DOCTYPE html>
<head>
<title>Atlantica Registration page</title>
<meta charset="utf-8" />
</head>
<body>
<form method="post" action="register.php">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="reg_username" autocomplete="off" maxlength="16"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="reg_password" autocomplete="off" maxlength="16"></td>
</tr>
<tr>
<td><input type="submit" name="reg_submit" value="Create Account"></td>
</tr>
</table>
</form>
<!-- don't add any javascript code here it's a ragezone virus that auto-inserts into my posts -_- -->
</body>
</html>