I believe this is saying that it is perfect?Originally Posted by zyberscape
Also, the script isn't as effecient as it could be. Plus you crammed everything into one file. The mssql_connection and everything which I believe isn't very secure.
Also, do NOT use else ifs.
And why shouldn't I use "else if"'s? Its an easy way to find out some information and set off events accordingly.
Lol?! Now you have to tell me why we shouldn't use else if's..Also, do NOT use else ifs.
I wrote this up because I'm tired of douche bags like these guys pretending to be smart, when the server software itself is free, flyff, mssql, php, apache and so on, and thus so should be any knowledge acquired from it, if you're too bloody lazy to share what you got for free because it takes five damn minutes don't post at all.
Here you go guys.
Credits for the functions and base of this script go to the opening poster.PHP Code:<?php
session_start();
//Needs salt to work -- Updated, if using v11 change to nForceisGay
$salt = 'kikugalanet';
//MSSQL Settings
$serverdb = 'CHANGEME1\SQLEXPRESS';
$admin_username = 'sa';
$admin_pass = '*Your password*';
$accounts = 'ACCOUNT_DBF';
$registerurl = 'register.php';
//DB Connection
$link = @mssql_connect($serverdb, $admin_username, $admin_pass) or die ("Server is down!");
$db = @mssql_select_db($accounts) or die ("Accout table is missing!");
//Check Username
function doesUsernameExist($name){
$exit = FALSE;
$rsql = "SELECT * FROM ACCOUNT_TBL WHERE account='" . $name . "'";
$result = @mssql_query($rsql);
if ($result) {
if(mssql_num_rows($result) != 0){
$exit = TRUE;
}
}
else{
$exit = FALSE;
}
return $exit;
}
//Check if something was submitted
if(isset($_POST['submit'])){
$userRev = preg_replace ("[^A-Za-z0-9]", "", $_POST['username']);
$passRev = preg_replace ("[^A-Za-z0-9]", "", $_POST['password']);
$day = (int) $_POST['day'];
$month = (int) $_POST['month'];
$year = (int) $_POST['year'];
$email = $_POST['email'];
if($_POST['username'] == ""){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Please enter an username';
}
else if($_POST['email'] == ""){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Please enter an email';
}
else if($_POST['password'] == ""){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Please enter a password';
}
else if($day == "" || $month == "" || $year == "" || strlen($day) > 2 || strlen($month) > 2 || strlen($year) != 4 || $day == 00 || $month == 00 || $year == 0000){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Please enter a correct birthday';
}
else if(strlen($_POST['username']) > 15){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Your username cannot contain more than 15 characters';
}
else if(strlen($_POST['password']) > 36){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Your password cannot contain more than 36 characters';
}
else if($_POST['username'] != $userRev){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Your username contains illegal characters or words';
}
else if($_POST['password'] != $passRev){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Your password contains illegal characters';
}
else if(strlen(filter_var($email, FILTER_VALIDATE_EMAIL)) == 0){
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
$_SESSION['regerror'] = 'Your is email is wrong please check it';
}
else {
//Making salt
$passRev = md5($salt . $passRev);
//End salt
$bday = $month.'/'.$day.'/'.$year;
$email = $_POST['email'];
if(!doesUsernameExist($userRev)){
$stmt = mssql_init('webCreateAcc', $link);
mssql_bind($stmt, '@account', $userRev, SQLVARCHAR, false, false, 15);
mssql_bind($stmt, '@password', $passRev, SQLVARCHAR, false, false, 36);
mssql_bind($stmt, '@birthday', $bday, SQLVARCHAR, false, false, 120);
mssql_bind($stmt, '@email', $email, SQLVARCHAR, false, false, 120);
mssql_execute($stmt) or die ("Something is wrong on the execution");
mssql_free_statement($stmt);
$_SESSION['regerror'] = '<font color="green">Thank you for registering with the name "'.$userRev.'".</font>';
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
}
else {
$_SESSION['regerror'] = 'Username is already taken.';
echo '<script language="JavaScript">';
echo 'window.location="'.$registerurl.'";';
echo '</script>';
}
}
}
//We need a form to produce results with
else if (!$_POST['submit']) {
if ($_SESSION['regerror'] != '') echo $_SESSION['regerror'] . '<br>';
?>
<form method="post" action="#">
<legend>Username</legend>
<input type="text" name="username">
<legend>Password:</legend>
<input type="password" name="password">
<legend>Birthday (Ex: Month Day Year)</legend>
<input type="text" name="month" value="08"><input type="text" name="day" value="13"><input type="text" name="year" value="1947">
<legend>Email</legend>
<input type="text" name="email">
<legend>Submit Registration</legend>
<input type="submit" name="submit" value="Register!">
</form>
<?php
}
?>
Last edited by alextepes; 01-02-10 at 01:43 AM.
pretty nice code. I would suggest
instead of cramming it all on the same line as an else if. It's not wrong the way you did it, just not as easy to read through it.Code:else if (a == b) { execute code }
The only other thing I would say is your indenting seems kinda off in a few places. Good job on the coding :D
Thanks, I just indented for easier reading, one tab basically. You're free to clean and do whatever you wish with it.
It was just I was frustrated with the OP and wanted to get it done as quick as possible, code is code, the result is the same. I find anyways. If you can read it and it's not gibberish then it could be worse. :)
Thanks for the advice though, it's appreciated, I've got about 3 years of PHP and 5 years DB structure experience on my shoulders now.
Hopefully it shows.
Very nice. That explains why the code looked fairly professional to me (I've only been working with PHP and relational databases for around 7 months lol)Thanks, I just indented for easier reading, one tab basically. You're free to clean and do whatever you wish with it.
It was just I was frustrated with the OP and wanted to get it done as quick as possible, code is code, the result is the same. I find anyways. If you can read it and it's not gibberish then it could be worse. :)
Thanks for the advice though, it's appreciated, I've got about 3 years of PHP and 5 years DB structure experience on my shoulders now.
Hopefully it shows.
It's effective, and that's what matters. The majority of people are just going to copy-paste it, so I don't think they're worried about how easy it is to analyze the script
Edit: After looking back at the OP's code, I can't say I blame you for being frustrated. That was rather pathetic source code on his part
Last edited by ryuchao009; 31-01-10 at 10:54 PM.
I apologize it appears he left out more then I thought, there isn't any md5 going on, so I actually have to fix the script again to work. Will edit this once complete in previous post.
Edit: Salt added, update scripts to acquire the benefits of salt(Working registration with a password that gets md5 hashed)
Last edited by alextepes; 01-02-10 at 01:44 AM.
i need a little help with that im very confused and dont know how to do this. help me!!! thanks.
ok see these lines?
Go to the windows control panel, then go to System (I'm on Vista so this may be slightly different on Windows 7). You should see a section titled "Computer name, domain, and workgroup settings". Underneath that it says your pc name. This goes (in all caps) where the code says CHANGEME1.PHP Code:$serverdb = 'CHANGEME1\SQLEXPRESS'; //your computer's name
$admin_username = 'sa'; //leave this alone!
$admin_pass = '*Your password*'; //password for your database
If your instance name for the server is different (you'll know if it is), change SQLEXPRESS to match it
Make sure you leave the \ intact or the script WILL NOT WORK
The password you should already know if you've used SQL Server Management Studio.
Thanks for the nice script, test it gave me some error on line 221-224
It is a blank page.. i used Wamp but the register page dont show.
same here. my page is empty and i dont see anything. i did everything correctly.
You didn't do it right other wise you would see a page... I posted the finished page on the 1st post...
Last edited by wutyes; 06-02-10 at 10:26 AM.
Ok i went over the code a couple of times and by what i see i changed everything needed to work correctly and i still get blank page nothing else.
And was wondering if that have to be changed to something :
Sorry i'm kinda new with the PHP coding so i'm doing it on insticts :DCode:$rsql = "SELECT * FROM ACCOUNT_TBL WHERE account='" . $name . "'";
EDIT* Ok i fixed that apperently i forgot to check the extensions for mssql.
But now it just says Server is Offline and i'm pretty sure i wrote the correct DB and pass for it.
Last edited by musiboy; 06-03-10 at 01:30 PM.
