registration page

  1. #1
    mafioso200 (Enthusiast, joined Jan 2009, 43 posts)

    registration page

    OK, so I started to make a registration page, but I always get errors as soon as I open it with http://127.0.0.1. I get "Name already in Use", "Password must be 6 characters in length" and "No Sql injections" before the reg page even loads. I need some help.

    Here are some screens of the errors and of my login.asp:

    reg-page-error.jpg

    login.asp

    Code:
    <!-- All credits to quantum fusion. Dynamicfusion@gmail.com  By using this page, you agreed not to remove this tag-->
     <%
    if request.querystring("reg")<> "" then
    Set Conn = Server.CreateObject("ADODB.Connection")
    DSNtest="DRIVER={SQL Server};SERVER=MAFIADESK\SQLEXPRESS;UID=sa;PWD=************;DATABASE=account_db"
    name=request.form("user") ' field names match the form inputs below
    pass=request.form("pass")
    Conn.open DSNtest
    
    'First check if account is registered before ?
    strsql="select * from " & lcase(left(name,1)) & "GameUser WHERE [userid]='"&lcase(name)&"'"
    Set rs = Conn.execute (StrSql)
    found=""
    Do until rs.EOF
    found=rs("userid")
    rs.movenext
    loop
    if lcase(found)=lcase(name) then
    response.write "<script>alert('That account has already been taken, please use another . Thank you')</script>"
    elseif len(pass)>6 then
    response.write "<script>alert('Password must be less than 6 characters !!!')</script>"
    elseif instr(name,"'")=>1 or instr(pass,"'")=>1 then
    response.write "<script>alert('No Sql injection allowed thank you ')</script>"
    else
    stringx="'username' ,'password','0','0','datereg','1/1/2030 12:00:00 AM ','30','0','0','0','0','0','0','0','0','0.0000','24/7/2006 12:00:00 AM','24/7/2007 12:00:00 AM','24/7/2006 12:00:00 AM','0','0','0','0','0','0','0','0','0','0'"
    'stringx="INSERT INTO "& ucase(left(name,1)) & "GameUser"& " ([userid],[Passwd],[GameCode],[GPCode],[RegistDay],[DisuseDay],[UsePeriod],[inuse],[Grade],[EventChk],[SelectChk],[BlockChk],[SpecialChk],[ServerName],[Credit],[ECoin],[StartDay],[LastDay],[EditDay],[RNo],[DelChk],[SNo],[Channel],[BNum],[MXServer],[MXChar],[MXType],[MXLevel],[MXExp])     VALUES('username','password','0','0','1/1/1900 12:00:00 AM','1/1/2030 12:00:00 AM','30','0','0','0','0','0','0','0','0','0.00','24/7/2006 12:00:00 AM','24/7/2007 12:00:00 AM','24/7/2006 12:00:00 AM',0,'0','0','0','0','0','0',0,0,0);"
    stringx="INSERT INTO "& ucase(left(name,1)) & "GameUser"& " ([userid],[Passwd],[GameCode],[GPCode],[RegistDay],[DisuseDay],[UsePeriod],[inuse],[Grade],[EventChk],[SelectChk],[BlockChk],[SpecialChk],[ServerName],[Credit],[ECoin],[StartDay],[LastDay],[EditDay],[RNo],[DelChk],[SNo],[Channel],[BNum],[MXServer],[MXChar],[MXType],[MXLevel],[MXExp])     VALUES('username','password','0','0',NULL,NULL,'30','0','0','0','0','0','0','0','0','0.00',NULL,NULL,NULL,0,'0','0','0','0','0','0',0,0,0)"
    stringx=replace(stringx,"username",name)
    stringx=replace(stringx,"password",pass)
    conn.execute stringx
    response.write "<script>alert('Done ! Welcome To the community !!')</script>"
    end if
    conn.close
    end if
    %><body bgcolor="#000000" text="#CCFFCC"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="595">
    <!-- All credits to quantum fusion. Dynamicfusion@gmail.com!CCC -->
       <tr>
         <td width="100%" style="background-repeat: no-repeat; background-position:  center 50%; ; background-image:url('top.JPG')" background="top.JPG" height="243">&nbsp;</td>
       </tr>
       <tr>
         <td width="100%" style="background-repeat: no-repeat; background-position:  center 50%; " height="214" background="mid.JPG" align="center" valign="top">
         <form method="POST" action="login.asp?reg=true">
           <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2">
             <tr>
               <td width="40%">&nbsp;</td>
               <td width="1%"><b>Username:</b><input type="text" name="user" size="20" style="background-color: #808080" value="<%=request.form("user")%>"><p>
               <b>Password:</b><input type="password" name="pass" size="21" style="background-color: #808080"></p>
               <p align="left">
               <input type="submit" value="Register" name="B1" style="font-family: ver; font-size: 8pt; font-weight: bold; background-color: #808080"></p>
               </td>
    <!-- All credits to quantum fusion. Dynamicfusion@gmail.com! -->
               <td width="60%">&nbsp;</td>
             </tr>
           </table>
           <p>&nbsp;</p>
         </form>
    &nbsp;</td>
       </tr>
       <tr>
         <td width="100%" height="138" background="bot.JPG" style="background-image: url('bot.JPG'); background-repeat: no-repeat; background-position: center">
         <p align="center"><u><b>Designed by:Dynamicfusion@gmail.com</b></u></p>
         <p>&nbsp;</p>
         <p>&nbsp;</p>
         <p>&nbsp;</td>
       </tr>
     </table>
    <!-- All credits to quantum fusion. Dynamicfusion@gmail.com -->
    <!-- All credits to quantum fusion. Dynamicfusion@gmail.com -->

    I am using babywebssl, but for some reason if I try to type in 127.0.0.1 it goes to another website with xampp, which I already uninstalled but keeps showing up. I have to open it inside the webserver folder in order for it to show.


  2. #2
    Filterheadz (Account Upgraded | Title Enabled!, joined Apr 2006, location: C++, 303 posts)

    Re: registration page

    You need a webserver to host the webpage. Please try baby webserver or something; it's great for a single ASP page (and for using it offline).

    Also, I don't suggest using that script. I heard some people's database was stolen or something by this script, or was this a fake alert?

    Anyhow, if you are planning to set up a clan system I suggest you use sandurr's registration script.

  3. #3
    RagingYou2 (Apprentice, joined Jul 2009, 7 posts)

    Re: registration page

    You need ASP support on your webserver.

    And yes, that script is vulnerable to SQL injection. It does have some kind of attempt to defend against SQL injection, but it does that check after it has already run the malicious query, not a very smart move from the programmer.
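
The ordering problem described in the reply above, corrected in an added example that is not part of the thread or of the original script: input is validated before any SQL is built, the one dynamic identifier (the table prefix) is restricted to a single letter, and the user values are bound as ADO parameters instead of being spliced into the string. The user-name policy, the parameter sizes and `Application("RegConnString")` are assumptions.

```asp
<%
Const adCmdText = 1, adVarChar = 200, adParamInput = 1
' Returns "" when the input is acceptable. The user-name policy is an assumption.
Function ValidateInput(userName, pass)
    Dim re : Set re = New RegExp
    re.Pattern = "^[a-z][a-z0-9_]{2,19}$"   ' first character must be a letter
    ValidateInput = ""
    If Not re.Test(userName) Then
        ValidateInput = "Invalid user name"
    ElseIf Len(pass) < 1 Or Len(pass) > 6 Then   ' the original rejects Len(pass) > 6
        ValidateInput = "Invalid password length"
    End If
End Function
' Runs a text command whose ? placeholders are bound as varchar parameters (sizes are assumed widths).
Function RunSql(conn, sql, values, sizes)
    Dim cmd, i
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For i = 0 To UBound(values)
        cmd.Parameters.Append cmd.CreateParameter("p" & i, adVarChar, adParamInput, sizes(i), values(i))
    Next
    Set RunSql = cmd.Execute
End Function
If Request.QueryString("reg") <> "" Then
    Dim userName, pass, msg, table, cols, vals, conn, rs
    userName = LCase(Trim(Request.Form("user")))   ' field names from the page's form
    pass = Request.Form("pass")
    msg = ValidateInput(userName, pass)   ' runs before any SQL is built
    If msg = "" Then
        ' Table names cannot be bound; validation limits the prefix to one letter A-Z.
        table = "[" & UCase(Left(userName, 1)) & "GameUser]"
        Set conn = Server.CreateObject("ADODB.Connection")
        conn.Open Application("RegConnString")   ' hypothetical setting, low-privilege login
        Set rs = RunSql(conn, "SELECT [userid] FROM " & table & " WHERE [userid] = ?", Array(userName), Array(20))
        If Not rs.EOF Then msg = "That account has already been taken"
        If msg = "" Then
            ' Columns and constants as in the original INSERT; only the two user values are bound.
            cols = "[userid],[Passwd],[GameCode],[GPCode],[RegistDay],[DisuseDay],[UsePeriod],[inuse],[Grade],[EventChk],[SelectChk],[BlockChk],[SpecialChk],[ServerName],[Credit],[ECoin],[StartDay],[LastDay],[EditDay],[RNo],[DelChk],[SNo],[Channel],[BNum],[MXServer],[MXChar],[MXType],[MXLevel],[MXExp]"
            vals = "?,?,'0','0',NULL,NULL,'30','0','0','0','0','0','0','0','0','0.00',NULL,NULL,NULL,0,'0','0','0','0','0','0',0,0,0"
            RunSql conn, "INSERT INTO " & table & " (" & cols & ") VALUES (" & vals & ")", Array(userName, pass), Array(20, 6)
            msg = "Registered"
        End If
        conn.Close
    End If
    Response.Write "<p>" & Server.HTMLEncode(msg) & "</p>"
End If
%>
```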

  4. #4
    mafioso200 (Enthusiast, joined Jan 2009, 43 posts)

    Re: registration page

    nvm, solved. Thanks Filterheadz


