Hey guys,
i've been working on mYsql on a project and i had an idea, why not use my mYsql login code to mSsql so it fit flyff?
The php's are fully explained for php newbe.
This took me a little time to do.
Updated:
Security, AntiSQL injection.
Auth.
Download
Have fun using it!
Last edited by Max98; 07-07-12 at 12:31 AM.
Now make it safe, clean and fix the indent. You could also fit this in one file or use a class.
I will do the class and one file later, now i've done the safe part.Originally Posted by Gravious
Updated.
Still injectable if I'm reading the preg string right. You need to filter ', or you can just do this:
PHP Code:public function Clean($var)
{
$unpacked = unpack('H*hex', $var);
$hex = '0x' . $unpacked['hex'];
if($hex == "0x")
$hex = "0x00"; // null to avoid syntax error
return $hex;
}
// optional alphanumeric check:
if(preg_match("/[^a-z0-9]/", "", $_POST['username']) > 0)
{
// notify user that username must be alphanumeric
exit;
}
$username= Clean(preg_replace("/[^a-z0-9]/", "", $_POST['username']));
$encryptedpw = Clean(md5($hash . $_POST['password']));
$get01 = mssql_query("SELECT * FROM [ACCOUNT_TBL] WHERE account=$username");
$row01 = mssql_fetch_assoc($get01);
$get02 = mssql_query("SELECT * FROM [ACCOUNT_TBL_DETAIL] WHERE account=$username");
$row02 = mssql_fetch_assoc($get02);
Your code just return me Hex codes..
Code:0x74657374 0x6d61783938
Good job releasing something that everyone already has.
Don't single quote the variable and it'll work fine.
I had this problem before as well, but it was because I didn't understand how MSSQL works with hex strings. If you input something to an MSSQL query in hex form, WITHOUT quotes or single quotes around it, it will convert the hex to whatever data type corresponds to the field it's being placed in. Just remove the quotes around it, and it will work.
At last, i'm doing sumthing, not like you, never realsed something. (idk if you did but anyway)
Let's ignore your English right here.
Who cares about what someone releases? I only made a guide about PartyDungeon a year ago and posted that; my lack of releases does not conclude that I am not doing something.
Also, he does do a lot of PHP coding, not for everyone to leach, unlike your slightly modified Resource Files and Source.
Cute.
Comparison v1
Rankings Script (Old)
Register GUI Beta
User Control Panel v1
GM Check Script
@Gravious & Ojected
Meh.
My English?
I will make it good when i want to.
It's pretty basic, and from here on you could add more features after login, if you plan to work on it more. I did something similar with a login form, securing it after 5 login attempts with an ip ban, just for practice, that's how you get better, practice.
Last edited by zirkzen; 14-07-12 at 11:54 AM.
Reply With Quote