[Release] Pokemon-Area based browser game

**Arthur Cardoso** · 07-09-13

HillBilly, i fix the error about timezone on top of site.

Now, the error is other.
When i register, not send the e-mail confirmation code..

In the "register.php" have this.

### Headers.
$headers = "From: Pokemon Browser MMO\n";
$headers .= "X-Sender: \"rot\" \n";
$headers .= "X-Mailer: PHP\n";
$headers .= "Bcc: pokemon-area.com\r\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n";

Why i can edit this?
What I have to change? Please meet me, putting all I would have to change!
Do not forget, is hosted in appserv, so do not have those e-mails from the system. How can I solve this? That confirmation does not arrive in the mail who register on the site?

thank you

**The General** · 08-09-13

I never tested if the sending email option was working. The thing is that I removed the verification in my own edit and just added a captcha.

**Arthur Cardoso** · 08-09-13

Please, post your "register.php"
I am not able to make the code gets to the registered e-mail, please give me a help

**The General** · 08-09-13

Here is my register.tpl
Still need to clean up most code though it is working for me (no mailing function included.)

PHP Code:


<?php
$page = 'register';
    
  include(ROOT.'/inc/functions/register.php');
    GLOBAL $txt;
    GLOBAL $lang;
    GLOBAL $_SESSION;
#Goeie taal erbij laden voor de page


    $foutje1 = '';
    $foutje2 = '';
    $foutje3 = '';
    $foutje4 = '';
    $foutje5 = '';
    $foutje6 = '';
    $foutje7 = '';
    $foutje8 = '';
    $foutje9 = '';
    $foutje10 = '';
    $foutje11 = '';
    $foutje12 = '';
    $grefer = '';
    if(isset($_GET['referer'])){
        $grefer = $_GET['referer'];
    }
if(isset($_POST['registreer'])){


    $voornaam                    = $_POST['voornaam'];
    $achternaam                    = $_POST['achternaam'];
    $land                         = $_POST['land'];
    $gebdate                     = $_POST['year'].'-'.$_POST['month'].'-'.$_POST['day'];
    $inlognaam                    = $_POST['inlognaam'];
    $wachtwoord                    = $_POST['wachtwoord'];
    $wachtwoord_nogmaals         = $_POST['wachtwoord_nogmaals'];
    $wachtwoordmd5                = md5($wachtwoord);
    $email                        = $_POST['email'];
    $wereld                        = $_POST['wereld'];
    $captcha                    = $_POST['captcha'];
    $ip                            = $_SERVER['REMOTE_ADDR'];
    $date                        = date("Y-m-d H:i:s");
    $character                    = $_POST['character'];
    $referer                    = $_POST['referer'];
    $check                         = validate_ip($ip);
    $registerdate                = strtotime($check['aanmeld_datum']);
    $current_time                = strtotime(date('Y-m-d H:i:s'));
    $countdown_time                = 604800-($current_time-$registerdate);
    if(isset($_SESSION['captcha_code'])){
        $captcha_code = $_SESSION['captcha_code'];
    }else{
        $captcha_code = 0;
    }
    if(isset($_POST['agreecheck'])){
        $secondaccount = $_POST['agreecheck'];
    }else{
        $secondaccount = false;
    }
    
    if(($check['ip_aangemeld'] == $ip) && ($countdown_time > 0)){
        $alert = '<div class="red">'.$txt['alert_already_this_ip'].'</div>';
    }
    if(empty($voornaam)){
        $foutje1        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_firstname'].'</div>';
        }elseif(strlen($voornaam) > 12 ){
        $foutje1        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_firstname_too_long'].'</div>';
    }
    elseif(empty($achternaam)){
        $foutje2        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_lastname'].'</div>';
        }
        elseif(strlen($achternaam) > 12 ){
        $foutje1        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_lastname_too_long'].'</div>';
    }
    elseif(empty($land)){
        $foutje3        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_country'].'</div>';
    }
    elseif(($_POST['day'] == '0') OR ($_POST['month'] == '0') OR ($_POST['year'] == '0')){
        $foutje4        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_full_gebdate'].'</div>';
    }
    elseif(empty($inlognaam)){
        $foutje5        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_username'].'</div>';
    }    
     elseif(strlen($inlognaam) < 3 ){
        $foutje5        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_username_too_short'].'</div>';
    }
    elseif(strlen($inlognaam) > 10 ){
        $foutje5        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_username_too_long'].'</div>';
    }
    elseif(validate_username($inlognaam) >= 1){
        $foutje5             = '<span class="error_red">*</span>';
        $alert                  = '<div class="red">'.$txt['alert_username_exists'].'</div>';
    }
    elseif(!preg_match('/^([a-zA-Z0-9]+)$/is', $inlognaam)){
        $foutje5             = '<span class="error_red">*</span>';
        $alert             = '<div class="red">'.$txt['alert_username_incorrect_signs'].'</div>';
    }
    elseif(empty($wachtwoord)){
        $foutje6        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_password'].'</div>';
    }
    elseif($wachtwoord <> $wachtwoord_nogmaals){
        $foutje6        = '<span class="error_red">*</span>';
        $foutje7        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_passwords_dont_match'].'</div>';
    }
    elseif(empty($email)){
        $foutje8        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_email'].'</div>';
    }
    elseif(!preg_match("/^[A-Z0-9._%-]+@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\.[A-Z]{2,6}$/i", $email)){
        $foutje8        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_email_incorrect_signs'].'</div>';
    }    
    elseif(validate_email($email) >= 1){
        $foutje8             = '<span class="error_red">*</span>';
        $alert             = '<div class="red">'.$txt['alert_email_exists'].'</div>';
    }
    elseif($character != 'Red' && $character != 'Leaf' && $character != 'Ethan' && $character != 'Lyra' && $character != 'Brendan' && $character != 'May' && $character != 'Lucas' && $character != 'Dawn' && $character != 'Lunick' && $character != 'Solana' && $character != 'Ash' && $character != 'Blue' && $character != 'Brock' && $character != 'Misty' && $character != 'Tracey' && $character != 'Max' && $character != 'Paul' && $character != 'J'){
        $foutje9            = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_character_invalid'].'</div>';
    }
    elseif(empty($wereld)){
        $foutje10        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_no_beginworld'].'</div>';
    }
    elseif($wereld != 'Kanto' && $wereld != 'Johto' && $wereld != 'Hoenn' && $wereld != 'Sinnoh' && $wereld != 'Unova'){
        $foutje10        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_world_invalid'].'</div>';
    }
    elseif($secondaccount != True){
        $foutje11        = '<span class="error_red">*</span>';
        $alert            = '<div class="red">'.$txt['alert_1account_condition'].'</div>';
    }
    elseif($captcha != $captcha_code){
        $foutje12        = '<span class="error_red">*</span>';
        $alert             = '<div class="red">'.$txt['alert_guardcore_invalid'].'</div>';
    }else{ 
        $activatiecode = rand(111111,999999);
        register_user($activatiecode, $voornaam, $achternaam, $land, $character, $inlognaam, $gebdate, $date, $wachtwoordmd5, $email, $ip, $wereld, $referer);
    
  
    $page = 'register';
    #Goeie taal erbij laden voor de mail
    #include_once('language/language-mail.php');
    
    $alert = '<div class="green">'.$txt['success_register'].'</div>';
    
    }
}
?>


<form method="post" action="?page=register" name="register">
    <center><p><img src="http://forum.ragezone.com/images/icons/ster.png" /> <?php echo $txt['title_text']; ?> <img src="http://forum.ragezone.com/images/icons/ster.png" /></p></center>
    <?php if(!empty($alert)){ echo $alert; } ?>
    <table width="660" cellspacing="0" cellpadding="0">
        <tr><td colspan="2" class="top_first_td"><?php echo $txt['register_personal_data']; ?></td></tr>
        <tr><td colspan="2" style="padding-bottom:10px;"></td></tr>
        <tr>
            <td width="200" class="normal_first_td"><?php echo $txt['firstname'].' '.$foutje1; ?></td>
            <td width="460" class="normal_td"><input type="text" name="voornaam" value="<?php if(isset($_POST ['voornaam']) && !empty($_POST ['voornaam'])) { echo $_POST ['voornaam']; }?>" class="text_long" maxlength="12"></td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['lastname'].' '.$foutje2; ?></td>
            <td class="normal_td"><input type="text" name="achternaam" value="<?php if(isset($_POST ['achternaam']) && !empty($_POST ['achternaam'])) { echo $_POST ['achternaam']; }?>" class="text_long" maxlength="12"></td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['country'].' '.$foutje3; ?></td>
            <td class="normal_td"><select name="land" value="<?php if(isset($_POST ['land']) && !empty($_POST ['land'])) { echo $_POST ['land']; }?>" class="text_select">
                <?php
                    $query = 'SELECT en, nl FROM landen';
                    $landsql = Core::$DB->prepare($query)->execute();


                    if(isset($_POST['land'])){
                        $landd = $_POST['land'];
                    }else{
                        $landd = $lang['taalgeneral'];
                    } 
        
                    while($land = $landsql->fetch_assoc()){
                        if($land['en'] == $landd){
                            $selected = 'selected';
                        }else{
                            $selected = '';
                        }
                        echo '<option value="'.$land['en'].'" '.$selected.'>'.$land[$lang['taalshort']].'</option>';
                    }
                ?>
                </select>
            </td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['gebdate'].' '.$foutje4; ?></td>
            <td class="normal_td">
                <?php
                    echo '<select name="day" class="text_select">
                        <option value="0">'.$txt['day'].'</option>';
                    for ($i = 1; $i <= 31; $i++) {
                        $selected = isset($_POST['day']) && $_POST['day'] == $i ? ' selected="selected"' : '';
                        echo '<option value="'.$i.'"'.$selected.'>'.$i.'</option>';
                    }
                    echo '</select>';
            
                    echo '<select name="month" class="text_select">
                            <option value="0">'.$txt['month'].'</option>';
                    for ($i = 1; $i <= 12; $i++) {
                        $selected = isset($_POST['month']) && $_POST['month'] == $i ? ' selected="selected"' : '';
                        echo '<option value="'.$i.'"'.$selected.'>'.strftime('%B', mktime(0, 0, 0, $i, 1)).'</option>';
                    }
                    echo '</select>';


            
                    echo '<select name="year" class="text_select">
                            <option value="0">'.$txt['year'].'</option>';
                    for ($i = 2010; $i >= 1975; $i--) {
                        $selected = isset($_POST['year']) && $_POST['year'] == $i ? ' selected="selected"' : '';
                        echo '<option value="'.$i.'"'.$selected.'>'.$i.'</option>';
                    }
                    echo '</select>';
                ?>
            </td>
        </tr>
        <tr><td colspan="2" style="padding-top:10px;"></td></tr>
        <tr><td colspan="2" class="top_first_td"><?php echo $txt['register_game_data']; ?></td></tr>
        <tr><td colspan="2" style="padding-bottom:10px;"></td></tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['username'].' '.$foutje5; ?></td>
            <td class="normal_td"><input name="inlognaam" type="text" class="text_long" value="<?php if(!empty($_POST ['inlognaam'])) { echo $_POST ['inlognaam']; }?>" maxlength="10" /></td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['password'].' '.$foutje6; ?></td>
            <td class="normal_td"><input type="password" name="wachtwoord" value="<?php if(!empty($_POST ['wachtwoord'])) { echo $_POST ['wachtwoord']; }?>" class="text_long" /></td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['password_again'].' '.$foutje7; ?></td>
            <td class="normal_td"><input type="password" name="wachtwoord_nogmaals" value="<?php if(!empty($_POST ['wachtwoord_nogmaals'])) { echo $_POST ['wachtwoord_nogmaals']; }?>" class="text_long" /></td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['email'].' '.$foutje8; ?></td>
            <td class="normal_td"><input type="text" name="email" value="<?php if(!empty($_POST ['email'])) { echo $_POST ['email']; }?>" class="text_long" /></td>
        </tr>
            <tr>
            <td class="normal_first_td"><?php echo $txt['character'].' '.$foutje9; ?></td>
            <td class="normal_td"><select name="character" value="<?php if(!empty($_POST ['character'])) { echo $_POST ['character']; }?>" class="text_select">
                <?php
                    $query = 'SELECT naam FROM characters ORDER BY id ASC';
                    $charactersql = Core::$DB->prepare($query)->execute();
                
                    if(isset($_POST['character'])){
                        $characterr = $_POST['character'];
                    }else{
                        $characterr = 'Red';
                    } 
        
                    while($character = $charactersql->fetch_assoc()){
                        if($character['naam'] == $characterr){
                            $selected = 'selected';
                        }else{
                            $selected = '';
                        }
                        echo '<option value="'.$character['naam'].'" '.$selected.'>'.$character['naam'].'</option>';
                    }
                ?>
                </select>
            </td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['beginworld'].' '.$foutje10; ?></td>
            <td class="normal_td">
                <select name="wereld" class="text_select">
                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Kanto</option>
                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Johto</option>
                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Hoenn</option>
                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Sinnoh</option>
                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Unova") { echo 'checked'; } ?>>Unova</option>
                </select>
            </td>
        </tr>
        <tr>
            <td class="normal_first_td"><label for="agreecheck"><?php echo $txt['1account_rule']; ?></label><?php echo $foutje11; ?></td>
            <td class="normal_td"><input name="agreecheck" id="agreecheck" value="yes" type="checkbox" <?php if(isset($_POST['agreecheck']) && $_POST['agreecheck'] == "yes") { echo 'checked'; } ?>></td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['referer']; ?></td>
            <td class="normal_td"><input type="text" name="referer" value="<?php echo $grefer; ?>" class="text_long" /> <span style="padding-left:5px;"><?php echo $txt['not_oblige']; ?></span></td>
        </tr>
            <tr>
                <td colspan="2" style="padding-bottom:10px;"></td>
            </tr>
        <tr>
            <td colspan="2" class="top_first_td"><?php echo $txt['register_security']; ?></td>
        </tr>
            <tr>
                <td colspan="2" style="padding-bottom:10px;"></td>
            </tr>
        <tr>
            <td class="normal_first_td">&nbsp;</td>
            <td class="normal_td"><img src="inc/captcha.inc.php" alt="<?php echo $txt['captcha']; ?>" title="<?php echo $txt['captcha']; ?>" /></td>
        </tr>
        <tr>
            <td class="normal_first_td"><?php echo $txt['guardcode'].' '.$foutje12; ?></td>
            <td class="normal_td"><input name="captcha" type="text" class="text_long" maxlength="3" /></td>
        </tr>
        <tr>
            <td class="normal_first_td">&nbsp;</td>
            <td class="normal_td"><input type="submit" value="<?php echo $txt['button']; ?>" name="registreer" class="button"></td>
        </tr>
    </table>
</form>
<?php session_destroy(); ?>

**Arthur Cardoso** · 08-09-13

Please, post i files to do that function works.
It is very difficult to make this function work register.
I need help, post all items to make people able to register on the site and LOG, because I already did, and the following happened:
* The verification code is not reached, and when I logava, took ban.
* With your still must be missing much file.

Please try to help me, to desperate: (
Have skype? Can add me?
Or try just posting ALL files required to make this function to work.

When i upload your "register"
Show that error:

Warning: include(ROOT/inc/functions/register.php) [function.include]: failed to open stream: No such file or directory in/home/pokenation/www/register.php on line 4

Warning: include(ROOT/inc/functions/register.php) [function.include]: failed to open stream: No such file or directory in/home/pokenation/www/register.php on line 4

Warning: include() [function.include]: Failed opening 'ROOT/inc/functions/register.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/pokenation/www/register.php on line 4

**Mugaru** · 09-09-13

Just rebuild or write your own register.php... it isn't that hard, this source is really fucked up.

**The General** · 09-09-13

You wont get my whole CMS. This is what I use (thats what you asked).

Not going to post my development here.

Cheers!

**Mugaru** · 09-09-13

damn.

I think you're not good enough to understand my code if i write it in OOP.. so here is a simple example, just edit the query --'

Code:

<?php
if(isset($_POST['register'])){
$password = md5($_POST['password'];
mysql_query("INSERT INTO `gebruikers` (`username`,`password`,`firstname`, `lastname`)
VALUES ($_POST['username'],$password,value3,...)");
}
?>
<html>
<head>
<title>Register page for your Pokemon Game</title></head>
<body>
<form method="POST" action="">
<input type="text" name="first" placeholder="first name"/>
<input type="text" name="last" placeholder="last name"/>
<input type="text" name="username" placeholder="username"/>
<input type="password" name="password" placeholder="password"/>
<input type="password" name="password2" placeholder="password(recheck)"/>
<input type="submit" name="register" value="Register"/>
</form>
</body>
</html>

Ofcourse i forgot to write the selectboxes down here, but that wouldn't be to hard!
And for the better programmers here, Yea this code is messy but that doesn't make any sense, its just a example so he can see how to write his own.. and he can probably use it if he change the code enough ;-)

Mugaru

**The General** · 10-09-13

Originally Posted by Mugaru

damn.

I think you're not good enough to understand my code if i write it in OOP.. so here is a simple example, just edit the query --'

Code:

<?php
if(isset($_POST['register'])){
$password = md5($_POST['password'];
mysql_query("INSERT INTO `gebruikers` (`username`,`password`,`firstname`, `lastname`)
VALUES ($_POST['username'],$password,value3,...)");
}
?>
<html>
<head>
<title>Register page for your Pokemon Game</title></head>
<body>
<form method="POST" action="">
<input type="text" name="first" placeholder="first name"/>
<input type="text" name="last" placeholder="last name"/>
<input type="text" name="username" placeholder="username"/>
<input type="password" name="password" placeholder="password"/>
<input type="password" name="password2" placeholder="password(recheck)"/>
<input type="submit" name="register" value="Register"/>
</form>
</body>
</html>

Ofcourse i forgot to write the selectboxes down here, but that wouldn't be to hard!
And for the better programmers here, Yea this code is messy but that doesn't make any sense, its just a example so he can see how to write his own.. and he can probably use it if he change the code enough ;-)

Mugaru

Nice exploit you got there...

**Mugaru** · 10-09-13

i know hill, forgot to strip the shit, and whatever :D But this guy needs to teach himself some programming skills...

**The General** · 12-09-13

Originally Posted by Mugaru

i know hill, forgot to strip the shit, and whatever :D But this guy needs to teach himself some programming skills...

Atleast give them something secure. Else they might get hacked and blame you lmao.

**fitim** · 14-09-13

Originally Posted by HillBilly

Here is my register.tpl
Still need to clean up most code though it is working for me (no mailing function included.)

PHP Code:


<?php

$page = 'register';

    

  include(ROOT.'/inc/functions/register.php');

    GLOBAL $txt;

    GLOBAL $lang;

    GLOBAL $_SESSION;

#Goeie taal erbij laden voor de page





    $foutje1 = '';

    $foutje2 = '';

    $foutje3 = '';

    $foutje4 = '';

    $foutje5 = '';

    $foutje6 = '';

    $foutje7 = '';

    $foutje8 = '';

    $foutje9 = '';

    $foutje10 = '';

    $foutje11 = '';

    $foutje12 = '';

    $grefer = '';

    if(isset($_GET['referer'])){

        $grefer = $_GET['referer'];

    }

if(isset($_POST['registreer'])){





    $voornaam                    = $_POST['voornaam'];

    $achternaam                    = $_POST['achternaam'];

    $land                         = $_POST['land'];

    $gebdate                     = $_POST['year'].'-'.$_POST['month'].'-'.$_POST['day'];

    $inlognaam                    = $_POST['inlognaam'];

    $wachtwoord                    = $_POST['wachtwoord'];

    $wachtwoord_nogmaals         = $_POST['wachtwoord_nogmaals'];

    $wachtwoordmd5                = md5($wachtwoord);

    $email                        = $_POST['email'];

    $wereld                        = $_POST['wereld'];

    $captcha                    = $_POST['captcha'];

    $ip                            = $_SERVER['REMOTE_ADDR'];

    $date                        = date("Y-m-d H:i:s");

    $character                    = $_POST['character'];

    $referer                    = $_POST['referer'];

    $check                         = validate_ip($ip);

    $registerdate                = strtotime($check['aanmeld_datum']);

    $current_time                = strtotime(date('Y-m-d H:i:s'));

    $countdown_time                = 604800-($current_time-$registerdate);

    if(isset($_SESSION['captcha_code'])){

        $captcha_code = $_SESSION['captcha_code'];

    }else{

        $captcha_code = 0;

    }

    if(isset($_POST['agreecheck'])){

        $secondaccount = $_POST['agreecheck'];

    }else{

        $secondaccount = false;

    }

    

    if(($check['ip_aangemeld'] == $ip) && ($countdown_time > 0)){

        $alert = '<div class="red">'.$txt['alert_already_this_ip'].'</div>';

    }

    if(empty($voornaam)){

        $foutje1        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_firstname'].'</div>';

        }elseif(strlen($voornaam) > 12 ){

        $foutje1        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_firstname_too_long'].'</div>';

    }

    elseif(empty($achternaam)){

        $foutje2        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_lastname'].'</div>';

        }

        elseif(strlen($achternaam) > 12 ){

        $foutje1        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_lastname_too_long'].'</div>';

    }

    elseif(empty($land)){

        $foutje3        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_country'].'</div>';

    }

    elseif(($_POST['day'] == '0') OR ($_POST['month'] == '0') OR ($_POST['year'] == '0')){

        $foutje4        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_full_gebdate'].'</div>';

    }

    elseif(empty($inlognaam)){

        $foutje5        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_username'].'</div>';

    }    

     elseif(strlen($inlognaam) < 3 ){

        $foutje5        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_username_too_short'].'</div>';

    }

    elseif(strlen($inlognaam) > 10 ){

        $foutje5        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_username_too_long'].'</div>';

    }

    elseif(validate_username($inlognaam) >= 1){

        $foutje5             = '<span class="error_red">*</span>';

        $alert                  = '<div class="red">'.$txt['alert_username_exists'].'</div>';

    }

    elseif(!preg_match('/^([a-zA-Z0-9]+)$/is', $inlognaam)){

        $foutje5             = '<span class="error_red">*</span>';

        $alert             = '<div class="red">'.$txt['alert_username_incorrect_signs'].'</div>';

    }

    elseif(empty($wachtwoord)){

        $foutje6        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_password'].'</div>';

    }

    elseif($wachtwoord <> $wachtwoord_nogmaals){

        $foutje6        = '<span class="error_red">*</span>';

        $foutje7        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_passwords_dont_match'].'</div>';

    }

    elseif(empty($email)){

        $foutje8        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_email'].'</div>';

    }

    elseif(!preg_match("/^[A-Z0-9._%-]+@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\.[A-Z]{2,6}$/i", $email)){

        $foutje8        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_email_incorrect_signs'].'</div>';

    }    

    elseif(validate_email($email) >= 1){

        $foutje8             = '<span class="error_red">*</span>';

        $alert             = '<div class="red">'.$txt['alert_email_exists'].'</div>';

    }

    elseif($character != 'Red' && $character != 'Leaf' && $character != 'Ethan' && $character != 'Lyra' && $character != 'Brendan' && $character != 'May' && $character != 'Lucas' && $character != 'Dawn' && $character != 'Lunick' && $character != 'Solana' && $character != 'Ash' && $character != 'Blue' && $character != 'Brock' && $character != 'Misty' && $character != 'Tracey' && $character != 'Max' && $character != 'Paul' && $character != 'J'){

        $foutje9            = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_character_invalid'].'</div>';

    }

    elseif(empty($wereld)){

        $foutje10        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_no_beginworld'].'</div>';

    }

    elseif($wereld != 'Kanto' && $wereld != 'Johto' && $wereld != 'Hoenn' && $wereld != 'Sinnoh' && $wereld != 'Unova'){

        $foutje10        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_world_invalid'].'</div>';

    }

    elseif($secondaccount != True){

        $foutje11        = '<span class="error_red">*</span>';

        $alert            = '<div class="red">'.$txt['alert_1account_condition'].'</div>';

    }

    elseif($captcha != $captcha_code){

        $foutje12        = '<span class="error_red">*</span>';

        $alert             = '<div class="red">'.$txt['alert_guardcore_invalid'].'</div>';

    }else{ 

        $activatiecode = rand(111111,999999);

        register_user($activatiecode, $voornaam, $achternaam, $land, $character, $inlognaam, $gebdate, $date, $wachtwoordmd5, $email, $ip, $wereld, $referer);

    

  

    $page = 'register';

    #Goeie taal erbij laden voor de mail

    #include_once('language/language-mail.php');

    

    $alert = '<div class="green">'.$txt['success_register'].'</div>';

    

    }

}

?>





<form method="post" action="?page=register" name="register">

    <center><p><img src="http://forum.ragezone.com/images/icons/ster.png" /> <?php echo $txt['title_text']; ?> <img src="http://forum.ragezone.com/images/icons/ster.png" /></p></center>

    <?php if(!empty($alert)){ echo $alert; } ?>

    <table width="660" cellspacing="0" cellpadding="0">

        <tr><td colspan="2" class="top_first_td"><?php echo $txt['register_personal_data']; ?></td></tr>

        <tr><td colspan="2" style="padding-bottom:10px;"></td></tr>

        <tr>

            <td width="200" class="normal_first_td"><?php echo $txt['firstname'].' '.$foutje1; ?></td>

            <td width="460" class="normal_td"><input type="text" name="voornaam" value="<?php if(isset($_POST ['voornaam']) && !empty($_POST ['voornaam'])) { echo $_POST ['voornaam']; }?>" class="text_long" maxlength="12"></td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['lastname'].' '.$foutje2; ?></td>

            <td class="normal_td"><input type="text" name="achternaam" value="<?php if(isset($_POST ['achternaam']) && !empty($_POST ['achternaam'])) { echo $_POST ['achternaam']; }?>" class="text_long" maxlength="12"></td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['country'].' '.$foutje3; ?></td>

            <td class="normal_td"><select name="land" value="<?php if(isset($_POST ['land']) && !empty($_POST ['land'])) { echo $_POST ['land']; }?>" class="text_select">

                <?php

                    $query = 'SELECT en, nl FROM landen';

                    $landsql = Core::$DB->prepare($query)->execute();





                    if(isset($_POST['land'])){

                        $landd = $_POST['land'];

                    }else{

                        $landd = $lang['taalgeneral'];

                    } 

        

                    while($land = $landsql->fetch_assoc()){

                        if($land['en'] == $landd){

                            $selected = 'selected';

                        }else{

                            $selected = '';

                        }

                        echo '<option value="'.$land['en'].'" '.$selected.'>'.$land[$lang['taalshort']].'</option>';

                    }

                ?>

                </select>

            </td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['gebdate'].' '.$foutje4; ?></td>

            <td class="normal_td">

                <?php

                    echo '<select name="day" class="text_select">

                        <option value="0">'.$txt['day'].'</option>';

                    for ($i = 1; $i <= 31; $i++) {

                        $selected = isset($_POST['day']) && $_POST['day'] == $i ? ' selected="selected"' : '';

                        echo '<option value="'.$i.'"'.$selected.'>'.$i.'</option>';

                    }

                    echo '</select>';

            

                    echo '<select name="month" class="text_select">

                            <option value="0">'.$txt['month'].'</option>';

                    for ($i = 1; $i <= 12; $i++) {

                        $selected = isset($_POST['month']) && $_POST['month'] == $i ? ' selected="selected"' : '';

                        echo '<option value="'.$i.'"'.$selected.'>'.strftime('%B', mktime(0, 0, 0, $i, 1)).'</option>';

                    }

                    echo '</select>';





            

                    echo '<select name="year" class="text_select">

                            <option value="0">'.$txt['year'].'</option>';

                    for ($i = 2010; $i >= 1975; $i--) {

                        $selected = isset($_POST['year']) && $_POST['year'] == $i ? ' selected="selected"' : '';

                        echo '<option value="'.$i.'"'.$selected.'>'.$i.'</option>';

                    }

                    echo '</select>';

                ?>

            </td>

        </tr>

        <tr><td colspan="2" style="padding-top:10px;"></td></tr>

        <tr><td colspan="2" class="top_first_td"><?php echo $txt['register_game_data']; ?></td></tr>

        <tr><td colspan="2" style="padding-bottom:10px;"></td></tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['username'].' '.$foutje5; ?></td>

            <td class="normal_td"><input name="inlognaam" type="text" class="text_long" value="<?php if(!empty($_POST ['inlognaam'])) { echo $_POST ['inlognaam']; }?>" maxlength="10" /></td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['password'].' '.$foutje6; ?></td>

            <td class="normal_td"><input type="password" name="wachtwoord" value="<?php if(!empty($_POST ['wachtwoord'])) { echo $_POST ['wachtwoord']; }?>" class="text_long" /></td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['password_again'].' '.$foutje7; ?></td>

            <td class="normal_td"><input type="password" name="wachtwoord_nogmaals" value="<?php if(!empty($_POST ['wachtwoord_nogmaals'])) { echo $_POST ['wachtwoord_nogmaals']; }?>" class="text_long" /></td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['email'].' '.$foutje8; ?></td>

            <td class="normal_td"><input type="text" name="email" value="<?php if(!empty($_POST ['email'])) { echo $_POST ['email']; }?>" class="text_long" /></td>

        </tr>

            <tr>

            <td class="normal_first_td"><?php echo $txt['character'].' '.$foutje9; ?></td>

            <td class="normal_td"><select name="character" value="<?php if(!empty($_POST ['character'])) { echo $_POST ['character']; }?>" class="text_select">

                <?php

                    $query = 'SELECT naam FROM characters ORDER BY id ASC';

                    $charactersql = Core::$DB->prepare($query)->execute();

                

                    if(isset($_POST['character'])){

                        $characterr = $_POST['character'];

                    }else{

                        $characterr = 'Red';

                    } 

        

                    while($character = $charactersql->fetch_assoc()){

                        if($character['naam'] == $characterr){

                            $selected = 'selected';

                        }else{

                            $selected = '';

                        }

                        echo '<option value="'.$character['naam'].'" '.$selected.'>'.$character['naam'].'</option>';

                    }

                ?>

                </select>

            </td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['beginworld'].' '.$foutje10; ?></td>

            <td class="normal_td">

                <select name="wereld" class="text_select">

                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Kanto</option>

                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Johto</option>

                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Hoenn</option>

                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'checked'; } ?>>Sinnoh</option>

                    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Unova") { echo 'checked'; } ?>>Unova</option>

                </select>

            </td>

        </tr>

        <tr>

            <td class="normal_first_td"><label for="agreecheck"><?php echo $txt['1account_rule']; ?></label><?php echo $foutje11; ?></td>

            <td class="normal_td"><input name="agreecheck" id="agreecheck" value="yes" type="checkbox" <?php if(isset($_POST['agreecheck']) && $_POST['agreecheck'] == "yes") { echo 'checked'; } ?>></td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['referer']; ?></td>

            <td class="normal_td"><input type="text" name="referer" value="<?php echo $grefer; ?>" class="text_long" /> <span style="padding-left:5px;"><?php echo $txt['not_oblige']; ?></span></td>

        </tr>

            <tr>

                <td colspan="2" style="padding-bottom:10px;"></td>

            </tr>

        <tr>

            <td colspan="2" class="top_first_td"><?php echo $txt['register_security']; ?></td>

        </tr>

            <tr>

                <td colspan="2" style="padding-bottom:10px;"></td>

            </tr>

        <tr>

            <td class="normal_first_td"> </td>

            <td class="normal_td"><img src="inc/captcha.inc.php" alt="<?php echo $txt['captcha']; ?>" title="<?php echo $txt['captcha']; ?>" /></td>

        </tr>

        <tr>

            <td class="normal_first_td"><?php echo $txt['guardcode'].' '.$foutje12; ?></td>

            <td class="normal_td"><input name="captcha" type="text" class="text_long" maxlength="3" /></td>

        </tr>

        <tr>

            <td class="normal_first_td"> </td>

            <td class="normal_td"><input type="submit" value="<?php echo $txt['button']; ?>" name="registreer" class="button"></td>

        </tr>

    </table>

</form>

<?php session_destroy(); ?>

Nice exploit you got there...

**The General** · 14-09-13

Originally Posted by fitim

Nice exploit you got there...

Where? I honestly cant tell it as I'm total noob. Plz tell me so I can fix it.

**Ashcan** · 14-09-13

I believe he is talking about get.
if u want bug-free , pay for this, noone gonna share unbugged game free oO

**The General** · 14-09-13

Originally Posted by Ashcan

I believe he is talking about get.
if u want bug-free , pay for this, noone gonna share unbugged game free oO

I dont need to filter vars as I'm using prepared statements.

[Release] Pokemon-Area based browser game

Thread Tools

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Re: [Release] Pokemon-Area based browser game

Advertisement