[NA - 2011] How to IP Ban

  1. #1
    Valued Member Odioso OS

    Hello guys, can anyone let me know how to IP ban a user? Someone keeps insulting a player and he keeps making accounts with the same IP. I just need to know how to IP
    Thanks
    Last edited by fiestanerd69; 13-08-15 at 12:21 AM. Reason: Corrected tag.


  2. #2
    Apprentice KobaltLegion

    1) IP ban pointless.
    2) It has to be built into your launcher.
    3) Use mac/uniqueid :C.

  3. #3
    Valued Member Odioso OS

    Originally posted by KobaltLegion:
    1) IP ban pointless.
    2) It has to be built into your launcher.
    3) Use mac/uniqueid :C.

    How to do so?
    And what's the command to ban?


    PS; Thanks mod, mistake on tag xD

  4. #4
    əʇılə ɯɐ ı fiestanerd69

    It doesn't have to be built into your launcher. There is a method for it in the database and the operator tool. There was a similar post before, and I commented there on how to do it. Look for that thread. I would link you but I can't at the moment. Search before you post, please. And make sure to use the correct tag for the title before posting.

    I should probably also let you know that IP banning is not a 100% sure way of blocking someone from your server. Changing your IP is easy and it can always be bypassed.

  5. #5
    Account Upgraded | Title Enabled! Evildarkang

    If you're after that particular one, I did make part of the script check for previously used emails; quite easy to do, but with the same IP it isn't effective. Emails yes. Let me get the code I used for emails.

    Code:
        if(count($EmailExistArray) > 0)
        {
            error("Email Address already taken, please try again.");
            die();
        }
    You could limit it down to IP, so 1 account per IP, and then you can use an update procedure in the login code to make sure the IP remains the same, therefore limiting the accounts to just 1 person per account. Stamping out the bug of the IP blocking. Just a thought, mind. What you would do inside the register file:

    Code:
    <?php
    
    // CONFIG 
    $_Config['Debug'] = true;
    $_Config['SQL']['Host'] = 'LOCALHOST\SQLEXPRESS';    
    $_Config['SQL']['User'] = 'sa';
    $_Config['SQL']['Pass'] = 'DATABASEPASSWORD';    
    $_Config['SQL']['Database'] = 'Accounts';
    $_Config['SQL_Error_Display'] = true;
    $sIP = $_SERVER['REMOTE_ADDR'];
    
    if (isset($_POST['reg']))
    {
    
    
    function ValidE( $email ){
        return filter_var( $email, FILTER_VALIDATE_EMAIL );
    }
    
    
    function generateSalt() 
    {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $randomString = '';
        for ($i = 0; $i < 10; $i++)
        {
            $randomString .= $characters[rand(0, strlen($characters) - 1)];
        }
        return $randomString;
    }
    
    
    
    
    class ES_Database
    {
        public $conn = NULL;
        
        private $query = NULL;
        
        private $sql_resource = NULL;
        
        public $query_count = 0;
        
        private $query_parameters = array();
        
        private $_Config = NULL;
    
    
    
    
        //Construct (PHP 8 no longer calls a method named after the class as the constructor)
        public function __construct()
        {
            global $_Config;
            
            $this->_Config = $_Config;
            
            //$this->Connect($db);
        }
    
    
        public function Connect($db)
        {
            //Build the connection array
            $conn_array = array( "UID" => $this->_Config['SQL']['User'] , "PWD" => $this->_Config['SQL']['Pass'] , "Database" => $db );
            
            //Connect or die
            $this->conn = sqlsrv_connect( $this->_Config['SQL']['Host'] , $conn_array ) or $this->OnDBError();
            
        }
        
        public function OnDBError()
        {
            if( $this->_Config['SQL_Error_Display'] )
            {
                $k = (array) sqlsrv_errors();
                foreach( $k as $error => $message )
                {
                    echo "[$error] " . $message[2] . "<br>" ;
                }
            }
        }
        
        public function query( $sql , $type = 0 )
        {
            if( $type == 0 )
            {
                $type = array( "Scrollable" => 'forward' );
            }
            elseif( $type == 1 )
            {
                $type = array( "Scrollable" => 'static' );
            }
            elseif( $type == 2 )
            {
                $type = array( "Scrollable" => 'dynamic' );
            }
            elseif( $type == 3 )
            {
                $type = array( "Scrollable" => 'keyset' );
            }   
            elseif( $type == 4 )
            {
                $type = array( "Scrollable" => 'buffered' );
            }               
            
            $this->query = $sql;
            
            $this->sql_resource = sqlsrv_query( $this->conn , $this->query  , array() , $type );
            
            if( ! $this->sql_resource )
            {
                $this->OnDbError();
            }
       
            $this->query_count++;
        }    
        
        public function fetchResult()
        {
            if( $this->sql_resource )
            {
                sqlsrv_fetch( $this->sql_resource );
                $k = sqlsrv_get_field( $this->sql_resource , 0 );
                $this->Free();
                return $k;
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is nothing to fetch or there was an error with your query. - " , __FUNCTION__ ;
                }
            }
            
            $this->sql_resource = NULL;
        }
        
        public function fetchAssoc()
        {
            if( $this->sql_resource )
            {
                $r = Array();
                $count = 0;
                $stop = false;
                /*$k = sqlsrv_fetch_array( $this->sql_resource );
                $this->Free();
                return $k;*/
                
                while (!$stop)
                {
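                    $row = sqlsrv_fetch_array($this->sql_resource);
                    // false means the fetch failed. That is also the case after the INSERT,
                    // which has no result set, and the script relies on it to report success.
                    if ($row === false) die("Account has been registered.");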
                    $stop = !$row;
                    if (!$stop) $r[$count] = $row;
                    $count++;
                }
                return $r;
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is nothing to fetch or there was an error with your query. - " , __FUNCTION__ ;
                }
            }
            
            $this->sql_resource = NULL;
        }
    
    
        public function fetchObject($silent = false)
        {
            if( $this->sql_resource )
            {
                $k = sqlsrv_fetch_object( $this->sql_resource );
                $this->Free();
                return $k;
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    if (!$silent)
                        echo "There is nothing to fetch or an error with your query. - " , __FUNCTION__;
                }
            }
            
            $this->sql_resource = NULL;        
        }
        
        public function prepare( $sql , array $parameters )
        {
            $this->query = $sql;
            
            $this->query_parameters = $parameters;
            
            $arr = array();
            
            foreach( $this->query_parameters as $key => $value )
            {
                
                $arr[$key] = &$this->query_parameters[$key];
            }
    
    
            $this->sql_resource = sqlsrv_prepare( $this->conn , $this->query , $arr );
            
            $this->query_count++;
            
            if( ! $this->sql_resource )
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "Prepared statement failed, check your query.";
                }
            }
        }    
    
    
        public function execute()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_execute( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is nothing to execute or an error with your prepared statement.";
                }
            }
        }
        
        public function prepareAndFetch( $sql , array $parameters , $type = 0 )
        {
            $this->prepare( $sql , $parameters );
            
            $this->execute();
            
            if( $type == 0 )
            {
                return $this->fetchAssoc();
            }
            elseif( $type == 1 )
            {
                return $this->fetchResult();
            }
            elseif( $type == 2 )
            {
                return $this->fetchObject();
            }
        }
        
        public function prepareAndExecute( $sql , array $parameters , $type = 0 )
        {
            $this->prepare( $sql , $parameters );
            
            $this->execute();
        }    
        
        public function queryAndFetch( $sql , $type = 0 , $pquery = false , $parameters = NULL )
        {
            if( $pquery == false )
            {
                $this->query( $sql );
            }
            else
            {
                $this->pquery( $sql , $parameters );
            }
            
            if( $type == 0 )
            {
                return $this->fetchAssoc();
            }
            elseif( $type == 1 )
            {
                return $this->fetchResult();
            }
            elseif( $type == 2 )
            {
                return $this->fetchObject();
            }
        }
        
        public function NumRows()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_num_rows( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is no query set or an error with your query. - " , __FUNCTION__;
                }
            }
        }
        
        public function pquery( $sql , array $parameters , $type = 0 )
        {
            if( $type == 1 )
            {
                $type = array( "Scrollable" => 'forward' );
            }
            elseif( $type == 2 )
            {
                $type = array( "Scrollable" => 'static' );
            }
            elseif( $type == 3 )
            {
                $type = array( "Scrollable" => 'dynamic' );
            }
            elseif( $type == 4 )
            {
                $type = array( "Scrollable" => 'keyset' );
            }   
            elseif( $type == 5 )
            {
                $type = array( "Scrollable" => 'buffered' );
            }
            else
            {
                unset( $type );
            }
            
            $this->query = $sql;
            
            if( isset( $type ) )
            {
                $this->sql_resource = sqlsrv_query( $this->conn , $this->query , $parameters , $type );
            }
            else
            {
                $this->sql_resource = sqlsrv_query( $this->conn , $this->query , $parameters );
            }
            
            if( ! $this->sql_resource )
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "Query Failed";
                }
            }
            
            $this->query_count++;
        }
        
        public function HasRows()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_has_rows( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is no query set or an error with your query. - " , __FUNCTION__;
                }
            }       
        }
        
        public function RowsAffected()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_rows_affected( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is no query set or an error with your query.";
                }
            }       
        }
        
      
        public function Free()
        {
            $this->query = NULL;
            
            $this->query_parameters = array();
            
            if( $this->sql_resource )
            {
               sqlsrv_free_stmt( $this->sql_resource ); 
            }
        }
        
        public function Disconnect()
        {
            ( $this->conn == NULL ) ? NULL : sqlsrv_close( $this->conn ); 
        }
        
        public function Escape( $str )
        {
            $str = str_replace( "'", "''", $str );
            return trim( $str );
        }
    }
        
        function error($s)
        {
            echo $s;
            exit;
        }
    
    
    
    
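        if (!isset($_POST['user']) || !isset($_POST['pass']) || !isset($_POST['email']))
        {
            // Stop here instead of reading undefined $_POST keys below.
            error("Missing username, password or email.");
        }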
        $sUser = $_POST['user'];
        $sPass = $_POST['pass'];
        $sEmail = $_POST['email'];
    
    
        if (!ctype_alnum($sUser))
        {
            error("Invalid Username. Alpha-Numeric characters only.");
        }
        if (!ctype_alnum($sPass))
        {
            error("Invalid Password. Alpha-Numeric characters only.");
        }
        if (!ValidE($sEmail))
        {
            error("Invalid Email Address.");
        }
        if (strlen($sUser) <= 3)
        {
            error("Invalid Username. Must be atleast 4 characters.");
        }
        if (strlen($sPass) <= 3)
        {
            error("Invalid Password. Must be atleast 4 characters.");
        }
       
        $DB = new ES_Database();
        $DB->connect($_Config['SQL']['Database']);
        $TopUserArray = $DB->queryAndFetch("SELECT TOP 1 * FROM tAccounts ORDER BY nEMID DESC", 0, true, array());
        $UserExistArray = $DB->queryAndFetch("SELECT * FROM tAccounts WHERE sUsername = ?", 0, true, array($sUser));
        $EmailExistArray = $DB->queryAndFetch("SELECT * FROM tAccounts WHERE sEmail = ?", 0, true, array($sEmail));
        $sIPExistArray = $DB->queryAndFetch("SELECT * FROM tAccounts WHERE sIP = ?", 0, true, array($sIP));
        
        if (count($TopUserArray) == 0)
        {
            $nID = 1;
        }
        else
        {
            $nID = $TopUserArray[0]['nEMID'];
        }
        
        if(count($UserExistArray) > 0)
        {
            error("Username already taken, please try again.");
            die();
        }
        if(count($EmailExistArray) > 0)
        {
            error("Email Address already taken, please try again.");
            die();
        }
        if(count($sIPExistArray) > 0)
        {
            error("You Can Only Have One Account Per IP.");
            die();
        }
        
        $nID = intval($nID) + 1;
        
        $sSalt = generateSalt();
        
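        // Salted hash of the password. NOTE: it is computed but never stored.
        $sSafePass = MD5(MD5($sPass) . $sSalt);
        
        $sIP = $_SERVER['REMOTE_ADDR'];
        
        // sUserPass receives the plain-text $sPass here, which is what the Login.php
        // below expects (it compares MD5(sUserPass) with the submitted hash).
        // Storing $sSafePass instead means changing Login.php at the same time.
        $params = array( $nID , $sUser , $sPass , $sSalt , $sEmail, $sIP );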
        $sql = "INSERT INTO tAccounts([nEMID],[sUsername],[sUserPass],[sUserPassSalt],[sEmail],[nAuthID],[sIP],[dDate],[sRID]) VALUES ( ? , ? , ? , ? , ? , 3 , ? , CURRENT_TIMESTAMP, '-' );";
        
        $DB->queryAndFetch($sql, 0, true, $params);
        
        die("Your account has been created!");
        exit;
    }
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Focus Online - Account Creation</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <style type="text/css">
    *{margin:0;padding:0;}body{padding-top:00px;font:11px "Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;}form{margin-left:8px;border:1px #000000;padding:16px 16px 40px 16px;font-weight:normal;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:5px;background:#fff;border:1px solid #e5e5e5;-moz-box-shadow:rgba(200,200,200,1) 0 4px 18px;-webkit-box-shadow:rgba(200,200,200,1) 0 4px 18px;-khtml-box-shadow:rgba(200,200,200,1) 0 4px 18px;box-shadow:rgba(200,200,200,1) 0 4px 18px;}form .forgetmenot{font-weight:normal;float:left;margin-bottom:0;}.button-primary{font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;padding:3px 10px;border:none;font-size:12px;border-width:1px;border-style:solid;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:11px;cursor:pointer;text-decoration:none;margin-top:-3px;}#login form p{margin-bottom:0;}label{color:#777;font-size:13px;}form .forgetmenot label{font-size:11px;line-height:19px;}form .submit,.alignright{float:right;}form p{margin-bottom:24px;}h1 #nav{text-shadow:rgba(255,255,255,1) 0 1px 0;}#backtoblog{position:absolute;top:0;left:0;border-bottom:#c6c6c6 1px solid;background:#d9d9d9;background:-moz-linear-gradient(bottom,#d7d7d7,#e4e4e4);background:-webkit-gradient(linear,left bottom,left top,from(#d7d7d7),to(#e4e4e4));height:30px;width:100%;}#backtoblog a{text-decoration:none;display:block;padding:8px 0 0 15px;}#login{width:320px;margin:0em auto;}#login_error,.message{margin:0 0 16px 8px;border-width:1px;border-style:solid;padding:0px;-moz-border-radius:3px;-khtml-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;}#nav{margin:0 0 0 8px;padding:16px;}#user_pass,#user_login,#user_email{font-size:12px;width:97%;padding:3px;margin-top:2px;margin-right:6px;margin-bottom:16px;border:1px solid #e5e5e5;background:#fbfbfb;}input{color:#555;}.clear{clear:both;}
    </style>
    <body background="">
    <center>
    <table border="0" width="50%" style="background:transparent;">
    <tr>
    <td>
    <center>
    <Br>
    <div id="login">
    <form name="loginform" id="loginform" action="#" method="post">
    
    
        <div id="registerform">
        <b><font color="black">Account Creation</b></font><br><br>
        <p></p>
        <p>
            <label>Username: &nbsp;
            <input type="text" name="user" id="user" class="input" value=""  /></label><br><br><br>
        </p>
        <p>
            <label>Password: &nbsp;
            <input type="password" name="pass" id="pass" class="input" value=""  /></label><br><br>
        </p>
        <p>
            <label>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Email: &nbsp;
            <input type="text" name="email" id="email" class="input" value=""  /></label>
        </p>
        <p><br><br></p>
        <p class="submit">
            <input type="button" id="GoBtn" class="button-primary" onClick="doSignup()" value="Create Account" tabindex="100" />
        </p>
    
    
    </div></form><br><br><script language = "javascript">
    function doSignup()
    {
    user = document.getElementById("user").value;
    pass = document.getElementById("pass").value;
    email = document.getElementById("email").value;
    
    
    xUrl = "?r=" + Math.floor(Math.random()*132165321);
    document.getElementById("registerform").innerHTML = "<br><br><center><img src='http://focusgameonline.com/img/loader.gif'><br><br>";
    if (window.XMLHttpRequest)
      {
      xmlhttp=new XMLHttpRequest();
      }
    else
      {
      xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
      }
    
    
    xmlhttp.onreadystatechange=function()
      {
      if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
        setTimeout("ShowResponse(xmlhttp.responseText)",2000);
        }
      }
      xmlhttp.open("POST", xUrl, true);
      xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
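    // Encode each field so characters such as & or + in the input do not corrupt the form body.
    xmlhttp.send("reg=1&user=" + encodeURIComponent(user) + "&pass=" + encodeURIComponent(pass) + "&email=" + encodeURIComponent(email));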
    if (navigator.userAgent.indexOf("Firefox") != -1)
    {
    setTimeout("ShowResponse(xmlhttp.responseText)",2000);
    }
    }
    
    
    function ResetForm(u)
    {
        window.location = window.location;
    }
    function ShowResponse(ResponseText)
    {
        alert(ResponseText);
        window.location = window.location;
    }
    
    
    </script>
            </div>
                </body>
    </html>
    This one uses AuthID 4 for banning, 3 for game play.

    Code:
    <?php
    $conf['db_host'] = "LocalHost\SQLExpress";
    $conf['db_user'] = "sa";
    $conf['db_pass'] = "DATABASEPASSWORD";
    $conf['db_name'] = "Accounts";
    
    $user = sql_clean($_GET['Username']);
    $passhash = sql_clean($_GET['Password']);
    
    $con = mssql_connect($conf['db_host'],$conf['db_user'],$conf['db_pass']) or die('Database connect Fail.');
    $db = mssql_select_db($conf['db_name'], $con) or die('Database Init Fail.');
    
    $exec = mssql_query("SELECT nEMID, sUserPass, nAuthID FROM tAccounts where sUsername = '$user'");
    
    if($exec)
    {
        if(mssql_num_rows($exec) != 1)
        {
            die('Wrong Username.');
        }
        $AccountData = mssql_fetch_assoc($exec);
        $PlaintxtPass = $AccountData['sUserPass'];
    
        $AccountAuth = $AccountData['nAuthID'];
    
        $PlaintxtnEMID = $AccountData['nEMID'];
    
        if ($AccountAuth == 5)
    	{
            	die('Email Not Verified.');
    	}
        elseif ($AccountAuth == 2)
    	{
            	die('Game Down For Maintenance.');
    	}
        elseif ($AccountAuth == 4)
    	{
            	die('Account Banned.');
    	}
        elseif ($AccountAuth == 9)
    	{
            	die('Admin Control.');
    	}
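        // Strict comparison: with == two different hashes that both look numeric (e.g. "0e...") can compare equal.
        elseif (MD5($PlaintxtPass) === $passhash)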
        {
            $Token = RandomToken(35);
    
            $setToken = null;
    
            if (mssql_num_rows(mssql_query("SELECT * FROM tTokens WHERE nEMID = '".$PlaintxtnEMID."'")) >= 1)
            {
                mssql_query("DELETE FROM tTokens WHERE nEMID = '".$PlaintxtnEMID."'");
                $setToken = mssql_query("INSERT INTO tTokens (nEMID, sToken) VALUES('".$PlaintxtnEMID."', '".$Token."')");
            }
            else
                $setToken = mssql_query("INSERT INTO tTokens (nEMID, sToken) VALUES('".$PlaintxtnEMID."', '".$Token."')");
    
            if ($setToken)
                die('OK#'.$Token);
            else
                die('SetToken Error');
        }
        else
        {
            die('Wrong Password.');
        }
    }
    else
    {
        die('Query Failed');
    }
    
    mssql_close();
    
    function sql_clean($str)
    {
        $search  = array("", "\0", "\n", "\r", "\x1a", "'", '"', '(', ')');
        $replace = array("", "", "", "", "", "", "", "", "");
        return str_replace($search, $replace, $str);
    }
    
    function RandomToken( $length )
    {
    	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
            $str = "";
    	$size = strlen( $chars );
    	for( $i = 0; $i < $length; $i++ ) {
    		$str .= $chars[ rand( 0, $size - 1 ) ];
    	}
    
    	return $str;
    }
    ?>
    Login.php, and Register.php issued.

    Key For Login:

    5 = Email Not Verified
    4 = Banned (account)
    9 = Admin Control
    2 = Game Maintenance
    Last edited by Evildarkang; 13-08-15 at 12:53 AM. Reason: Added Login.php / Added Key for Login.php
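
An added example (not written by any poster in this thread) of the checks discussed above: banning by setting nAuthID to 4, then refusing registration and login from an address tied to a banned account, plus the one-account-per-IP rule. tAccounts, sUsername, sIP and nAuthID come from the posted scripts; the function names, the in-memory SQLite table standing in for the MSSQL database, and the sample rows are assumptions.

```php
<?php
// Added example, not code from the thread. tAccounts, sUsername, sIP, nAuthID and
// "nAuthID 4 = banned, 3 = game play" come from the posted scripts; the rest is assumed.

const AUTH_PLAYER = 3;
const AUTH_BANNED = 4;

// Canonical text form of an address, or null when it is not a valid IP.
function normalize_ip(string $raw): ?string
{
    $packed = @inet_pton(trim($raw));
    if ($packed === false) {
        return null;
    }
    // Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4 so one ban covers both forms.
    $mappedPrefix = str_repeat("\0", 10) . "\xff\xff";
    if (strlen($packed) === 16 && substr($packed, 0, 12) === $mappedPrefix) {
        $packed = substr($packed, 12);
    }
    return inet_ntop($packed);
}

// True when any banned account was registered from $ip.
// Assumes sIP is stored in the same normalized form that normalize_ip() returns.
function ip_is_banned(PDO $db, string $ip): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM tAccounts WHERE sIP = :ip AND nAuthID = :banned');
    $stmt->bindValue(':ip', $ip, PDO::PARAM_STR);
    $stmt->bindValue(':banned', AUTH_BANNED, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn() > 0;
}

// Ban an account by switching it to nAuthID 4. Returns false for an unknown user.
function ban_account(PDO $db, string $username): bool
{
    $stmt = $db->prepare('UPDATE tAccounts SET nAuthID = :banned WHERE sUsername = :user');
    $stmt->bindValue(':banned', AUTH_BANNED, PDO::PARAM_INT);
    $stmt->bindValue(':user', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Registration gate: banned address first, then the one-account-per-IP rule.
function registration_decision(PDO $db, string $remoteAddr): string
{
    $ip = normalize_ip($remoteAddr);
    if ($ip === null) {
        return 'reject: invalid address';
    }
    if (ip_is_banned($db, $ip)) {
        return 'reject: address belongs to a banned account';
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM tAccounts WHERE sIP = :ip');
    $stmt->execute([':ip' => $ip]);
    return (int) $stmt->fetchColumn() > 0 ? 'reject: one account per IP' : 'allow';
}

// Login gate: account ban first, then address ban, so an account that is not
// itself banned still cannot log in from an address tied to a banned one.
function login_decision(PDO $db, string $username, string $remoteAddr): string
{
    $ip = normalize_ip($remoteAddr);
    if ($ip === null) {
        return 'reject: invalid address';
    }
    $stmt = $db->prepare('SELECT nAuthID FROM tAccounts WHERE sUsername = :user');
    $stmt->execute([':user' => $username]);
    $auth = $stmt->fetchColumn();
    if ($auth === false) {
        return 'reject: unknown account';
    }
    if ((int) $auth === AUTH_BANNED) {
        return 'reject: account banned';
    }
    return ip_is_banned($db, $ip) ? 'reject: address banned' : 'allow';
}

// Constructed demo data; addresses are from the documentation ranges.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tAccounts (sUsername TEXT PRIMARY KEY, sIP TEXT, nAuthID INTEGER)');
$insert = $db->prepare('INSERT INTO tAccounts (sUsername, sIP, nAuthID) VALUES (?, ?, ?)');
foreach ([['griefer', '203.0.113.7', AUTH_PLAYER], ['alice', '198.51.100.20', AUTH_PLAYER]] as $row) {
    $insert->execute($row);
}

ban_account($db, 'griefer');
echo registration_decision($db, '203.0.113.7'), "\n";        // address of the banned account
echo registration_decision($db, '::ffff:203.0.113.7'), "\n"; // same address, IPv4-mapped form
echo registration_decision($db, '198.51.100.20'), "\n";      // alice already registered here
echo registration_decision($db, '192.0.2.55'), "\n";         // address not seen before
echo login_decision($db, 'griefer', '192.0.2.55'), "\n";     // banned account, different address
echo login_decision($db, 'alice', '203.0.113.7'), "\n";      // clean account, banned address
echo login_decision($db, 'alice', '198.51.100.20'), "\n";    // clean account, clean address
```

The account-level check still applies when the banned user connects from a different address, which is the case the address check alone misses.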

  6. #6
    Valued Member Odioso OS

    Originally posted by Evildarkang:
    If you're after that particular one, I did make part of the script check for previously used emails; quite easy to do, but with the same IP it isn't effective. Emails yes. Let me get the code I used for emails.

    Code:
        if(count($EmailExistArray) > 0)
        {
            error("Email Address already taken, please try again.");
            die();
        }
    You could limit it down to IP, so 1 account per IP, and then you can use an update procedure in the login code to make sure the IP remains the same, therefore limiting the accounts to just 1 person per account. Stamping out the bug of the IP blocking. Just a thought, mind. What you would do inside the register file:

    Code:
    <?php
    
    // CONFIG 
    $_Config['Debug'] = true;
    $_Config['SQL']['Host'] = 'LOCALHOST\SQLEXPRESS';    
    $_Config['SQL']['User'] = 'sa';
    $_Config['SQL']['Pass'] = 'DATABASEPASSWORD';    
    $_Config['SQL']['Database'] = 'Accounts';
    $_Config['SQL_Error_Display'] = true;
    $sIP = $_SERVER['REMOTE_ADDR'];
    
    if (isset($_POST['reg']))
    {
    
    
    function ValidE( $email ){
        return filter_var( $email, FILTER_VALIDATE_EMAIL );
    }
    
    
    function generateSalt() 
    {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $randomString = '';
        for ($i = 0; $i < 10; $i++)
        {
            $randomString .= $characters[rand(0, strlen($characters) - 1)];
        }
        return $randomString;
    }
    
    
    
    
    class ES_Database
    {
        public $conn = NULL;
        
        private $query = NULL;
        
        private $sql_resource = NULL;
        
        public $query_count = 0;
        
        private $query_parameters = array();
        
        private $_Config = NULL;
    
    
    
    
        //Construct (PHP 8 no longer calls a method named after the class as the constructor)
        public function __construct()
        {
            global $_Config;
            
            $this->_Config = $_Config;
            
            //$this->Connect($db);
        }
    
    
        public function Connect($db)
        {
            //Build the connection array
            $conn_array = array( "UID" => $this->_Config['SQL']['User'] , "PWD" => $this->_Config['SQL']['Pass'] , "Database" => $db );
            
            //Connect or die
            $this->conn = sqlsrv_connect( $this->_Config['SQL']['Host'] , $conn_array ) or $this->OnDBError();
            
        }
        
        public function OnDBError()
        {
            if( $this->_Config['SQL_Error_Display'] )
            {
                $k = (array) sqlsrv_errors();
                foreach( $k as $error => $message )
                {
                    echo "[$error] " . $message[2] . "<br>" ;
                }
            }
        }
        
        public function query( $sql , $type = 0 )
        {
            if( $type == 0 )
            {
                $type = array( "Scrollable" => 'forward' );
            }
            elseif( $type == 1 )
            {
                $type = array( "Scrollable" => 'static' );
            }
            elseif( $type == 2 )
            {
                $type = array( "Scrollable" => 'dynamic' );
            }
            elseif( $type == 3 )
            {
                $type = array( "Scrollable" => 'keyset' );
            }   
            elseif( $type == 4 )
            {
                $type = array( "Scrollable" => 'buffered' );
            }               
            
            $this->query = $sql;
            
            $this->sql_resource = sqlsrv_query( $this->conn , $this->query  , array() , $type );
            
            if( ! $this->sql_resource )
            {
                $this->OnDbError();
            }
       
            $this->query_count++;
        }    
        
        public function fetchResult()
        {
            if( $this->sql_resource )
            {
                sqlsrv_fetch( $this->sql_resource );
                $k = sqlsrv_get_field( $this->sql_resource , 0 );
                $this->Free();
                return $k;
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is nothing to fetch or there was an error with your query. - " , __FUNCTION__ ;
                }
            }
            
            $this->sql_resource = NULL;
        }
        
        public function fetchAssoc()
        {
            if( $this->sql_resource )
            {
                $r = Array();
                $count = 0;
                $stop = false;
                /*$k = sqlsrv_fetch_array( $this->sql_resource );
                $this->Free();
                return $k;*/
                
                while (!$stop)
                {
                    $row = sqlsrv_fetch_array($this->sql_resource);
                    if ($row === false) die("Account has been registered.");
                    $stop = !$row;
                    if (!$stop) $r[$count] = $row;
                    $count++;
                }
                return $r;
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is nothing to fetch or there was an error with your query. - " , __FUNCTION__ ;
                }
            }
            
            $this->sql_resource = NULL;
        }
    
    
        public function fetchObject($silent = false)
        {
            if( $this->sql_resource )
            {
                $k = sqlsrv_fetch_object( $this->sql_resource );
                $this->Free();
                return $k;
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    if (!$silent)
                        echo "There is nothing to fetch or an error with your query. - " , __FUNCTION__;
                }
            }
            
            $this->sql_resource = NULL;        
        }
        
        public function prepare( $sql , array $parameters )
        {
            $this->query = $sql;
            
            $this->query_parameters = $parameters;
            
            $arr = array();
            
            foreach( $this->query_parameters as $key => $value )
            {
                
                $arr[$key] = &$this->query_parameters[$key];
            }
    
    
            $this->sql_resource = sqlsrv_prepare( $this->conn , $this->query , $arr );
            
            $this->query_count++;
            
            if( ! $this->sql_resource )
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "Prepared statement failed, check your query.";
                }
            }
        }    
    
    
        public function execute()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_execute( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is nothing to execute or an error with your prepared statement.";
                }
            }
        }
        
        public function prepareAndFetch( $sql , array $parameters , $type = 0 )
        {
            $this->prepare( $sql , $parameters );
            
            $this->execute();
            
            if( $type == 0 )
            {
                return $this->fetchAssoc();
            }
            elseif( $type == 1 )
            {
                return $this->fetchResult();
            }
            elseif( $type == 2 )
            {
                return $this->fetchObject();
            }
        }
        
        public function prepareAndExecute( $sql , array $parameters , $type = 0 )
        {
            $this->prepare( $sql , $parameters );
            
            $this->execute();
        }    
        
        public function queryAndFetch( $sql , $type = 0 , $pquery = false , $parameters = NULL )
        {
            if( $pquery == false )
            {
                $this->query( $sql );
            }
            else
            {
                $this->pquery( $sql , $parameters );
            }
            
            if( $type == 0 )
            {
                return $this->fetchAssoc();
            }
            elseif( $type == 1 )
            {
                return $this->fetchResult();
            }
            elseif( $type == 2 )
            {
                return $this->fetchObject();
            }
        }
        
        public function NumRows()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_num_rows( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is no query set or an error with your query. - " , __FUNCTION__;
                }
            }
        }
        
        public function pquery( $sql , array $parameters , $type = 0 )
        {
            if( $type == 1 )
            {
                $type = array( "Scrollable" => 'forward' );
            }
            elseif( $type == 2 )
            {
                $type = array( "Scrollable" => 'static' );
            }
            elseif( $type == 3 )
            {
                $type = array( "Scrollable" => 'dynamic' );
            }
            elseif( $type == 4 )
            {
                $type = array( "Scrollable" => 'keyset' );
            }   
            elseif( $type == 5 )
            {
                $type = array( "Scrollable" => 'buffered' );
            }
            else
            {
                unset( $type );
            }
            
            $this->query = $sql;
            
            if( isset( $type ) )
            {
                $this->sql_resource = sqlsrv_query( $this->conn , $this->query , $parameters , $type );
            }
            else
            {
                $this->sql_resource = sqlsrv_query( $this->conn , $this->query , $parameters );
            }
            
            if( ! $this->sql_resource )
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "Query Failed";
                }
            }
            
            $this->query_count++;
        }
        
        public function HasRows()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_has_rows( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is no query set or an error with your query. - " , __FUNCTION__;
                }
            }       
        }
        
        public function RowsAffected()
        {
            if( $this->sql_resource )
            {
                return sqlsrv_rows_affected( $this->sql_resource );
            }
            else
            {
                if( $this->_Config['SQL_Error_Display'] )
                {
                    echo "There is no query set or an error with your query.";
                }
            }       
        }
        
      
        public function Free()
        {
            $this->query = NULL;
            
            $this->query_parameters = array();
            
            if( $this->sql_resource )
            {
               sqlsrv_free_stmt( $this->sql_resource ); 
            }
        }
        
        public function Disconnect()
        {
            ( $this->conn == NULL ) ? NULL : sqlsrv_close( $this->conn ); 
        }
        
        public function Escape( $str )
        {
            $str = str_replace( "'", "''", $str );
            return trim( $str );
        }
    }
        
        function error($s)
        {
            echo $s;
            exit;
        }
    
    
    
    
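        if (!isset($_POST['user']) || !isset($_POST['pass']) || !isset($_POST['email']))
        {
            // Stop here instead of reading missing fields below.
            error("Missing username, password or email.");
        }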
        $sUser = $_POST['user'];
        $sPass = $_POST['pass'];
        $sEmail = $_POST['email'];
    
    
        if (!ctype_alnum($sUser))
        {
            error("Invalid Username. Alpha-Numeric characters only.");
        }
        if (!ctype_alnum($sPass))
        {
            error("Invalid Password. Alpha-Numeric characters only.");
        }
        if (!ValidE($sEmail))
        {
            error("Invalid Email Address.");
        }
        if (strlen($sUser) <= 3)
        {
            error("Invalid Username. Must be atleast 4 characters.");
        }
        if (strlen($sPass) <= 3)
        {
            error("Invalid Password. Must be atleast 4 characters.");
        }
       
        $DB = new ES_Database();
        $DB->connect($_Config['SQL']['Database']);
        $TopUserArray = $DB->queryAndFetch("SELECT TOP 1 * FROM tAccounts ORDER BY nEMID DESC", 0, true, array());
        $UserExistArray = $DB->queryAndFetch("SELECT * FROM tAccounts WHERE sUsername = ?", 0, true, array($sUser));
        $EmailExistArray = $DB->queryAndFetch("SELECT * FROM tAccounts WHERE sEmail = ?", 0, true, array($sEmail));
        // Read the client IP before the lookup below uses it.
        $sIP = $_SERVER['REMOTE_ADDR'];
        $sIPExistArray = $DB->queryAndFetch("SELECT * FROM tAccounts WHERE sIP = ?", 0, true, array($sIP));
        
        if (count($TopUserArray) == 0)
        {
            $nID = 1;
        }
        else
        {
            $nID = $TopUserArray[0]['nEMID'];
        }
        
        if(count($UserExistArray) > 0)
        {
            error("Username already taken, please try again.");
            die();
        }
        if(count($EmailExistArray) > 0)
        {
            error("Email Address already taken, please try again.");
            die();
        }
        if(count($sIPExistArray) > 0)
        {
            error("You Can Only Have One Account Per IP.");
            die();
        }
        
        $nID = intval($nID) + 1;
        
        $sSalt = generateSalt();
        
        $sSafePass = MD5(MD5($sPass) . $sSalt);
        
        $sIP = $_SERVER['REMOTE_ADDR'];
        
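        // $sPass is stored as entered; $sSafePass above is computed but never used.
        // Login.php compares MD5(sUserPass) with the hash the client sends, so it expects this.
        $params = array( $nID , $sUser , $sPass , $sSalt , $sEmail, $sIP );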
        $sql = "INSERT INTO tAccounts([nEMID],[sUsername],[sUserPass],[sUserPassSalt],[sEmail],[nAuthID],[sIP],[dDate],[sRID]) VALUES ( ? , ? , ? , ? , ? , 3 , ? , CURRENT_TIMESTAMP, '-' );";
        
        $DB->queryAndFetch($sql, 0, true, $params);
        
        die("Your account has been created!");
        exit;
    }
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Focus Online - Account Creation</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <style type="text/css">
    *{margin:0;padding:0;}body{padding-top:00px;font:11px "Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;}form{margin-left:8px;border:1px #000000;padding:16px 16px 40px 16px;font-weight:normal;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:5px;background:#fff;border:1px solid #e5e5e5;-moz-box-shadow:rgba(200,200,200,1) 0 4px 18px;-webkit-box-shadow:rgba(200,200,200,1) 0 4px 18px;-khtml-box-shadow:rgba(200,200,200,1) 0 4px 18px;box-shadow:rgba(200,200,200,1) 0 4px 18px;}form .forgetmenot{font-weight:normal;float:left;margin-bottom:0;}.button-primary{font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;padding:3px 10px;border:none;font-size:12px;border-width:1px;border-style:solid;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:11px;cursor:pointer;text-decoration:none;margin-top:-3px;}#login form p{margin-bottom:0;}label{color:#777;font-size:13px;}form .forgetmenot label{font-size:11px;line-height:19px;}form .submit,.alignright{float:right;}form p{margin-bottom:24px;}h1 #nav{text-shadow:rgba(255,255,255,1) 0 1px 0;}#backtoblog{position:absolute;top:0;left:0;border-bottom:#c6c6c6 1px solid;background:#d9d9d9;background:-moz-linear-gradient(bottom,#d7d7d7,#e4e4e4);background:-webkit-gradient(linear,left bottom,left top,from(#d7d7d7),to(#e4e4e4));height:30px;width:100%;}#backtoblog a{text-decoration:none;display:block;padding:8px 0 0 15px;}#login{width:320px;margin:0em auto;}#login_error,.message{margin:0 0 16px 8px;border-width:1px;border-style:solid;padding:0px;-moz-border-radius:3px;-khtml-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;}#nav{margin:0 0 0 8px;padding:16px;}#user_pass,#user_login,#user_email{font-size:12px;width:97%;padding:3px;margin-top:2px;margin-right:6px;margin-bottom:16px;border:1px solid #e5e5e5;background:#fbfbfb;}input{color:#555;}.clear{clear:both;}
    </style>
    <body background="">
    <center>
    <table border="0" width="50%" style="background:transparent;">
    <tr>
    <td>
    <center>
    <Br>
    <div id="login">
    <form name="loginform" id="loginform" action="https://forum.ragezone.com/#" method="post">
    
    
        <div id="registerform">
        <b><font color="black">Account Creation</font></b><br><br>
        <p></p>
        <p>
            <label>Username: &nbsp;
            <input type="text" name="user" id="user" class="input" value=""  /></label><br><br><br>
        </p>
        <p>
            <label>Password: &nbsp;
            <input type="password" name="pass" id="pass" class="input" value=""  /></label><br><br>
        </p>
        <p>
            <label>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Email: &nbsp;
            <input type="text" name="email" id="email" class="input" value=""  /></label>
        </p>
        <p><br><br></p>
        <p class="submit">
            <input type="button" id="GoBtn" class="button-primary" onClick="doSignup()" value="Create Account" tabindex="100" />
        </p>
    
    
    </div></form><br><br><script language = "javascript">
    function doSignup()
    {
    user = document.getElementById("user").value;
    pass = document.getElementById("pass").value;
    email = document.getElementById("email").value;
    
    
    xUrl = "?r=" + Math.floor(Math.random()*132165321);
    document.getElementById("registerform").innerHTML = "<br><br><center><img src='http://focusgameonline.com/img/loader.gif'><br><br>";
    if (window.XMLHttpRequest)
      {
      xmlhttp=new XMLHttpRequest();
      }
    else
      {
      xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
      }
    
    
    xmlhttp.onreadystatechange=function()
      {
      if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
        setTimeout("ShowResponse(xmlhttp.responseText)",2000);
        }
      }
      xmlhttp.open("POST", xUrl, true);
      xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
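    // Encode each field so characters such as & or + in the input do not corrupt the form body.
    xmlhttp.send("reg=1&user=" + encodeURIComponent(user) + "&pass=" + encodeURIComponent(pass) + "&email=" + encodeURIComponent(email));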
    if (navigator.userAgent.indexOf("Firefox") != -1)
    {
    setTimeout("ShowResponse(xmlhttp.responseText)",2000);
    }
    }
    
    
    function ResetForm(u)
    {
        window.location = window.location;
    }
    function ShowResponse(ResponseText)
    {
        alert(ResponseText);
        window.location = window.location;
    }
    
    
    </script>
            </div>
                </body>
    </html>
    This one uses AuthID 4 for banning, 3 for game play.

    Code:
    <?php
    $conf['db_host'] = "LocalHost\SQLExpress";
    $conf['db_user'] = "sa";
    $conf['db_pass'] = "DATABASEPASSWORD";
    $conf['db_name'] = "Accounts";
    
    $user = sql_clean($_GET['Username']);
    $passhash = sql_clean($_GET['Password']);
    
    $con = mssql_connect($conf['db_host'],$conf['db_user'],$conf['db_pass']) or die('Database connect Fail.');
    $db = mssql_select_db($conf['db_name'], $con) or die('Database Init Fail.');
    
    $exec = mssql_query("SELECT nEMID, sUserPass, nAuthID FROM tAccounts where sUsername = '$user'");
    
    if($exec)
    {
        if(mssql_num_rows($exec) != 1)
        {
            die('Wrong Username.');
        }
        $AccountData = mssql_fetch_assoc($exec);
        $PlaintxtPass = $AccountData['sUserPass'];
    
        $AccountAuth = $AccountData['nAuthID'];
    
        $PlaintxtnEMID = $AccountData['nEMID'];
    
        if ($AccountAuth == 5)
        {
                die('Email Not Verified.');
        }
        elseif ($AccountAuth == 2)
        {
                die('Game Down For Maintenance.');
        }
        elseif ($AccountAuth == 4)
        {
                die('Account Banned.');
        }
        elseif ($AccountAuth == 9)
        {
                die('Admin Control.');
        }
        // Strict comparison: with == two hex strings that look numeric (e.g. "0e...") can compare equal.
        elseif (MD5($PlaintxtPass) === $passhash)
        {
            $Token = RandomToken(35);
    
            $setToken = null;
    
            if (mssql_num_rows(mssql_query("SELECT * FROM tTokens WHERE nEMID = '".$PlaintxtnEMID."'")) >= 1)
            {
                mssql_query("DELETE FROM tTokens WHERE nEMID = '".$PlaintxtnEMID."'");
                $setToken = mssql_query("INSERT INTO tTokens (nEMID, sToken) VALUES('".$PlaintxtnEMID."', '".$Token."')");
            }
            else
                $setToken = mssql_query("INSERT INTO tTokens (nEMID, sToken) VALUES('".$PlaintxtnEMID."', '".$Token."')");
    
            if ($setToken)
                die('OK#'.$Token);
            else
                die('SetToken Error');
        }
        else
        {
            die('Wrong Password.');
        }
    }
    else
    {
        die('Query Failed');
    }
    
    mssql_close();
    
    function sql_clean($str)
    {
        $search  = array("", "\0", "\n", "\r", "\x1a", "'", '"', '(', ')');
        $replace = array("", "", "", "", "", "", "", "", "");
        return str_replace($search, $replace, $str);
    }
    
    function RandomToken( $length )
    {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $str = "";
        $size = strlen( $chars );
        for( $i = 0; $i < $length; $i++ ) {
            // rand() is not a cryptographically secure generator.
            $str .= $chars[ rand( 0, $size - 1 ) ];
        }
    
        return $str;
    }
    ?>
    Login.php, and Register.php issued.

    Key For Login:

    5 = Email Not Verified
    4 = Banned (account)
    9 = Admin Control
    2 = Game Maintenance

    Thanks worked
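
The Login.php above builds its SQL by string concatenation, compares against a plaintext sUserPass and draws tokens from rand(). As an added example (not code from the thread), the same flow with a bound parameter, password_hash()/password_verify() and random_bytes(); it assumes PHP 7+ with in-memory SQLite via PDO standing in for the MSSQL database, and both sample accounts are constructed.

```php
<?php
// Added example, not the thread's Login.php. In-memory SQLite (PDO) stands in for
// the MSSQL Accounts database; both sample accounts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tAccounts (nEMID INTEGER PRIMARY KEY, sUsername TEXT UNIQUE,
           sUserPass TEXT, nAuthID INTEGER)');
$db->exec('CREATE TABLE tTokens (nEMID INTEGER PRIMARY KEY, sToken TEXT)');
$seed = $db->prepare('INSERT INTO tAccounts (sUsername, sUserPass, nAuthID) VALUES (?, ?, ?)');
$seed->execute(array('alice', password_hash('correct-horse', PASSWORD_DEFAULT), 3));
$seed->execute(array('mallory', password_hash('hunter2', PASSWORD_DEFAULT), 4));

function login(PDO $db, $user, $pass)
{
    // Bound parameter: the username is data, never part of the SQL text.
    $st = $db->prepare('SELECT nEMID, sUserPass, nAuthID FROM tAccounts WHERE sUsername = ?');
    $st->execute(array($user));
    $row = $st->fetch(PDO::FETCH_ASSOC);

    // sUserPass holds a password_hash() value, so the server never keeps the
    // plaintext. One message for both failures avoids confirming usernames.
    if ($row === false || !password_verify($pass, $row['sUserPass'])) {
        return 'Wrong Username or Password.';
    }

    // AuthID gate from the thread's key, applied only after the password check
    // so account state is not disclosed to someone who only knows the username.
    $blocked = array(
        5 => 'Email Not Verified.',
        2 => 'Game Down For Maintenance.',
        4 => 'Account Banned.',
        9 => 'Admin Control.',
    );
    $auth = (int) $row['nAuthID'];
    if (isset($blocked[$auth])) {
        return $blocked[$auth];
    }

    // 36 hex characters from the OS CSPRNG instead of rand().
    $token = bin2hex(random_bytes(18));
    $db->beginTransaction();
    $db->prepare('DELETE FROM tTokens WHERE nEMID = ?')->execute(array($row['nEMID']));
    $db->prepare('INSERT INTO tTokens (nEMID, sToken) VALUES (?, ?)')
       ->execute(array($row['nEMID'], $token));
    $db->commit();
    return 'OK#' . $token;
}

echo login($db, "al'ice", 'x'), "\n";             // username containing a quote character
echo login($db, 'mallory', 'hunter2'), "\n";      // correct password, AuthID 4
echo login($db, 'alice', 'correct-horse'), "\n";  // correct password, AuthID 3
```

With this scheme the client sends the password itself over HTTPS in a POST body rather than an MD5 of it in the query string.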

  7. #7
    Account Upgraded | Title Enabled! Lugapha is offline
    MemberRank
    Jul 2011 Join Date
    387Posts

    Re: [NA - 2011] How to IP Ban

    I think you should
    1. check to see if the email is real.
    2. check if the IP is banned
    3. check if it already exists
    4. send an email to the address for confirmation
    5. then load the new account

    This will deter the player from making new accounts as it becomes time-consuming.
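
The order of checks listed above, written out as an added example that is not part of the original post or the thread's Register.php. It assumes PHP 7+ with in-memory SQLite via PDO standing in for the Accounts database; tBannedIPs and sVerifyHash are hypothetical names, and the banned address and accounts are constructed.

```php
<?php
// Added example: the five steps above as one registration gate. In-memory SQLite
// (PDO) stands in for the MSSQL database. tBannedIPs and sVerifyHash are
// hypothetical names; the banned address and the accounts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tAccounts (nEMID INTEGER PRIMARY KEY, sUsername TEXT UNIQUE,
           sUserPass TEXT, sEmail TEXT UNIQUE, nAuthID INTEGER, sIP TEXT, sVerifyHash TEXT)');
$db->exec('CREATE TABLE tBannedIPs (sIP TEXT PRIMARY KEY)');
$db->exec("INSERT INTO tBannedIPs (sIP) VALUES ('203.0.113.7')");

function rowExists(PDO $db, $sql, array $args)
{
    $st = $db->prepare($sql);
    $st->execute($args);
    return $st->fetchColumn() !== false;
}

// Returns array(status, token). The caller mails the token; only its hash is stored.
function register(PDO $db, $user, $pass, $email, $ip)
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {            // step 1 (syntax only)
        return array('invalid-email', null);
    }
    if (rowExists($db, 'SELECT 1 FROM tBannedIPs WHERE sIP = ?', array($ip))) {   // step 2
        return array('ip-banned', null);
    }
    if (rowExists($db, 'SELECT 1 FROM tAccounts WHERE sUsername = ? OR sEmail = ?',
                  array($user, $email))) {                                 // step 3
        return array('already-exists', null);
    }
    $token = bin2hex(random_bytes(16));                                    // step 4
    $db->prepare('INSERT INTO tAccounts (sUsername, sUserPass, sEmail, nAuthID, sIP, sVerifyHash)
                  VALUES (?, ?, ?, 5, ?, ?)')                              // 5 = Email Not Verified
       ->execute(array($user, password_hash($pass, PASSWORD_DEFAULT), $email, $ip,
                       hash('sha256', $token)));
    return array('pending', $token);
}

// Step 5: the mailed token moves the account from 5 to 3 (game play), once.
function confirmEmail(PDO $db, $token)
{
    $st = $db->prepare('UPDATE tAccounts SET nAuthID = 3, sVerifyHash = NULL
                        WHERE nAuthID = 5 AND sVerifyHash = ?');
    $st->execute(array(hash('sha256', $token)));
    return $st->rowCount() === 1;
}

// In a web request $ip would be $_SERVER['REMOTE_ADDR'], as in the Register.php above.
list($status, $token) = register($db, 'newplayer', 'pw-1234', 'new@example.org', '198.51.100.20');
var_dump($status, confirmEmail($db, $token), confirmEmail($db, $token));
list($status) = register($db, 'again', 'pw-1234', 'again@example.org', '203.0.113.7');
var_dump($status);
```

The syntax check in step 1 cannot tell whether a mailbox exists; the confirmation token in steps 4 and 5 is what establishes that.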

  8. #8
    əʇılə ɯɐ ı fiestanerd69 is offline
    MemberRank
    Jun 2009 Join Date
    958Posts

    Re: [NA - 2011] How to IP Ban

    Closing this thread seeing as the issue has been resolved.


