As I'm quitting the BGunZ project, I'll release some of my things.
As many people know, PHP 5.3+ doesn't have the mssql functions. Now we need to use the sqlsrv functions, and this made so many people keep their PHP outdated.
When a player registers at your server, this page will get the user's IP and locate the player's country and city.
Why do I need SQLSRV?
MSSQL was dropped in PHP v5.3 -- the old registration scripts first put out in this community are designed to use the MSSQL_connect or MSSQL API. This can negatively impact the overall performance of your website and is an inconvenience. The SQLSRV API was created as a replacement for the archaic MSSQL API; the syntax does not vary all that greatly but did take a great deal of rewriting.
Hope that helps.
-----------------------------
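php.ini Changes:
allow_url_fopen = On
allow_url_include = 1
(register.php only relies on allow_url_fopen, for its file_get_contents() call to the geolocation API. allow_url_include controls include/require of URLs, which none of these scripts do.)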
Database Changes:
Go to your GunZ Database > Tables
Right click on dbo.Accounts and click "Modify".
Add a new line:
Column Name: City
Data type: varchar(50)
Allow nulls: Checked
Now click on "New Query" and execute this query in your GunZDB to change your spInsertAccount stored procedure.
spInsertAccount Stored Procedure
Code:
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO
ALTER PROC [dbo].[spInsertAccount]
@UserID varchar(20)
, @Password varchar(20)
, @Cert tinyint
, @Name varchar(128)
, @Age smallint
, @Sex tinyint
, @Email varchar(50)
, @City varchar(50)
, @Country varchar(50)
AS
BEGIN TRAN
SET NOCOUNT ON
DECLARE @AIDIdent int
INSERT INTO Account (UserID, Cert, Name, Age, Sex, Email, City, Country, UGradeID, PGradeID, RegDate)
Values (@UserID, @Cert, @Name, @Age, @Sex, @Email, @City, @Country, 0, 0, GETDATE())
IF 0 <> @@ERROR
BEGIN
ROLLBACK TRAN
RETURN
END
SET @AIDIdent = @@IDENTITY
INSERT INTO Login (UserID, AID, Password)
Values (@UserID, @AIDIdent, @Password)
IF 0 <> @@ERROR
BEGIN
ROLLBACK TRAN
RETURN
END
IF (GETDATE() < '2009-06-29T07:00:00')
BEGIN
INSERT INTO dbo.EventAccount(AID, UserID)
VALUES (@AIDIdent, @UserID);
IF (0 <> @@ERROR)
BEGIN
ROLLBACK TRAN;
RETURN;
END
END
COMMIT TRAN
------------------------------------
Website side:
_inc/config.php
PHP Code:
<?php
$cfg['sql_host'] = ""; // SQL Host
$cfg['sql_user'] = ""; // SQL Username
$cfg['sql_pass'] = ""; // SQL Password
$cfg['sql_db'] = ""; // Gunz DB Database Name
// Connection options for sqlsrv_connect()
$cfg['connInfo'] = array("UID"=>$cfg['sql_user'],
                         "PWD"=>$cfg['sql_pass'],
                         "Database"=>$cfg['sql_db']);
// The array key must be quoted: $cfg[sql_host] is read as an undefined constant
$sqlLink = sqlsrv_connect($cfg['sql_host'], $cfg['connInfo']);
if($sqlLink === false)
{
    die("Could not connect to GunZ database!");
}
?>
_inc/security.class.php
PHP Code:
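<?php
class security
{
    // Returns true only if $string consists of letters, digits, '_' and '-'
    function is_secure($string)
    {
        // Arrays (e.g. username[]=x) and other non-strings are never valid
        if(!is_string($string)) return false;
        $pattern = "#[^a-zA-Z0-9_\-]#";
        if(preg_match($pattern,$string)==true) return false;
        else
            return true;
    }
}
?>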
register.php
PHP Code:
<?php
require_once('_inc/security.class.php');
require_once('_inc/config.php');
$ip = $_SERVER['REMOTE_ADDR'];
// chmod 0777 for folder 'cache' (PHP must be able to write to it)
// ':' from IPv6 addresses is replaced because it is not valid in Windows file names
$file = "./cache/".str_replace(':', '_', $ip);
if(!file_exists($file)) {
    // request
    $json = file_get_contents("http://api.easyjquery.com/ips/?ip=".urlencode($ip)."&full=true");
    // cache the response only if the request succeeded
    if($json !== false) file_put_contents($file, $json);
} else {
    $json = file_get_contents($file);
}
$json = json_decode((string)$json, true);
// the lookup can fail or omit fields, so fall back to empty strings
$cityinfo = (isset($json['cityName']) && is_string($json['cityName'])) ? $json['cityName'] : '';
$countryinfo = (isset($json['countryName']) && is_string($json['countryName'])) ? $json['countryName'] : '';
// the API response is untrusted data: escape it before printing it into the form
$cityHtml = htmlspecialchars($cityinfo, ENT_QUOTES, 'UTF-8');
$countryHtml = htmlspecialchars($countryinfo, ENT_QUOTES, 'UTF-8');
if(!isset($_POST['submit']))
{
    echo "<form method='post'>
<table border='1'>
<tr><td>Name</td><td><input type='text' name='name'></td></tr>
<tr><td>Sex</td><td><select name='sex'><option value='1'>Male</option><option value='0'>Female</option></select></td></tr>
<tr><td>E-Mail</td><td><input type='text' name='email' maxlength='50'></td></tr>
<tr><td>Age</td><td><input type='text' name='age'></td></tr>
<tr><td>User</td><td><input type='text' name='username' maxlength='16'></td></tr>
<tr><td>Country</td><td><input type='text' value='$countryHtml' disabled></td></tr>
<tr><td>City</td><td><input type='text' value='$cityHtml' disabled></td></tr>
<tr><td>Password</td><td><input type='password' name='pw1' maxlength='32'></td></tr>
<tr><td>Password Confirmation</td><td><input type='password' name='pw2' maxlength='32'></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='Register'></td></tr>
</table>
</form>";
}
else
{
    $msg = array();
    // missing or non-string fields (e.g. username[]=x) are treated as empty
    foreach(array('username','pw1','pw2','name','age','sex','email') as $k)
    {
        if(!isset($_POST[$k]) || !is_string($_POST[$k])) $_POST[$k] = '';
    }
    if(strlen($_POST['username']) < 3) $msg[] = "User too short";
    if(strlen($_POST['username']) > 16) $msg[] = "User too long";
    if(strlen($_POST['pw1']) < 6) $msg[] = "Password too short";
    if(strlen($_POST['pw1']) > 32) $msg[] = "Password too long";
    if(strlen($_POST['pw2']) < 6) $msg[] = "Password Confirmation too short";
    if(strlen($_POST['pw2']) > 32) $msg[] = "Password Confirmation too long";
    if($_POST['pw1'] != $_POST['pw2']) $msg[] = "Passwords do not match";
    $sec = new security();
    if($sec->is_secure($_POST['username']) == false) $msg[] = "User has symbols not allowed";
    if($sec->is_secure($_POST['pw1']) == false) $msg[] = "Password has symbols not allowed";
    if($sec->is_secure($_POST['pw2']) == false) $msg[] = "Password Confirmation has symbols not allowed";
    if(count($msg) > 0)
    {
        for($i = 0; $i < count($msg); $i++)
        {
            echo $msg[$i]."<br/>";
        }
        return;
    }
    else
    {
        // Check if account exists (parameterized; sqlsrv_num_rows() would
        // return false here because the default cursor is forward-only)
        $check = sqlsrv_query($sqlLink, "select UserID from Login where UserID = ?", array($_POST['username']));
        if($check === false)
        {
            error_log(print_r(sqlsrv_errors(), true));
            die("An error has occurred!");
        }
        $accountExists = sqlsrv_has_rows($check);
        sqlsrv_free_stmt($check);
        if($accountExists) echo "This account already exists<br/>";
        else
        {
            $pwd = md5($_POST['pw1']);
            // Set up the parameterized statement
            $sql_params = "EXECUTE spInsertAccount ?, ?, ?, ?, ?, ?, ?, ?, ?";
            // Set the parameter values (age and sex are numeric columns)
            $params = array($_POST['username'], $pwd, NULL, $_POST['name'], (int)$_POST['age'], (int)$_POST['sex'], $_POST['email'], $cityinfo, $countryinfo);
            // Execute the query.
            $query = sqlsrv_query($sqlLink, $sql_params, $params);
            if($query)
            {
                echo "Your account has been created<br />";
                // Release resources.
                sqlsrv_free_stmt($query);
            }
            else
            {
                echo "An error has occurred!<br />";
                // log the driver details instead of showing them to the visitor
                error_log(print_r(sqlsrv_errors(), true));
            }
            sqlsrv_close($sqlLink);
        }
    }
}
?>
To deactivate MD5, just comment out line 77 of register.php (the $pwd = md5(...) line) and change line 83 (the $params = array(...) line) to:
PHP Code:
$params = array($_POST['username'], $_POST['pw1'], NULL, $_POST['name'], $_POST['age'], $_POST['sex'], $_POST['email'], $cityinfo, $countryinfo);
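The geolocation response and the cache file name used by register.php both come from outside the script, so here is one way to treat them as untrusted input before they reach the City/Country columns or the form. This is an added example, not part of the original release; geo_from_json(), geo_cache_path() and the sample responses are hypothetical names and constructed data.

```php
<?php
// Added example, not part of the original release. geo_from_json(),
// geo_cache_path() and the sample responses below are hypothetical.

// Parse a geolocation API response and return values that fit the
// City / Country columns (varchar(50)); anything unexpected becomes ''.
function geo_from_json($raw)
{
    $out = array('city' => '', 'country' => '');
    $data = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($data)) {
        return $out;            // network error, HTML error page or bad JSON
    }
    foreach (array('city' => 'cityName', 'country' => 'countryName') as $k => $field) {
        if (isset($data[$field]) && is_string($data[$field])) {
            // drop control characters, then clamp to the column size
            $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $data[$field]);
            $out[$k] = substr(trim($clean), 0, 50);
        }
    }
    return $out;
}

// Build the cache file name from a validated address only.
function geo_cache_path($ip, $dir = './cache')
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;           // never build a path from unvalidated input
    }
    return $dir . '/' . sha1($ip) . '.json';   // fixed-charset name, no ':' or '..'
}

// Constructed sample responses (not captured from the real API).
$samples = array(
    '{"cityName":"Lisbon","countryName":"Portugal"}',
    '{"cityName":"<b>Lisbon</b>","countryName":["x"]}',
    '<html>503 Service Unavailable</html>',
    false,
);
foreach ($samples as $raw) {
    $geo = geo_from_json($raw);
    // escape at output time; pass the unescaped value to spInsertAccount
    echo htmlspecialchars($geo['city'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), ' / ',
         htmlspecialchars($geo['country'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
}
var_dump(geo_cache_path('203.0.113.7'), geo_cache_path('../../etc/passwd'));
```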