[Release] Pokemon-Area based browser game

  1. #676
    Check http://arcturus.pw The General is offline
    DeveloperRank
    Aug 2011 Join Date
    7,610Posts

    Re: [Release] Pokemon-Area based browser game

    Filter all $_POST and $_GET variables.

    I'm converting it to PDO but I'm stuck in the battling script :/ It's so messy.

  2. #677
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    change all $_posts to

    $raftaar = mysql_real_escape_string($_POST['test']);

    this is my register
    Last edited by Raftaar; 04-11-13 at 05:32 PM.

  3. #678
    RaGEZONER || Webdevloper KiruHoshino is offline
    MemberRank
    Oct 2011 Join Date
    HungaryLocation
    648Posts

    Re: [Release] Pokemon-Area based browser game

    Use this BB code please.

    [CODE ] [/CODE]

    Without space.

  4. #679
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    OK, thanks
    Code:
    <?php
    session_start();
    
    
    $page = 'register';
    # Load the right language file for this page
    include_once('language/language-pages.php');
    
    
    //Generate a key, print a form:
    $key = sha1(microtime());
    $_SESSION['csrf'] = $key;
    
    
    if(isset($_POST['registreer'])){
    $voornaam	 = mysql_real_escape_string($_POST['voornaam']);
    $achternaam	 = mysql_real_escape_string($_POST['achternaam']);
    $land	 = mysql_real_escape_string($_POST['land']);
    $gebdate = mysql_real_escape_string($_POST['year'].'-'.$_POST['month'].'-'.$_POST['day']);
    $inlognaam	 = mysql_real_escape_string($_POST['inlognaam']);
    $wachtwoord	 = mysql_real_escape_string($_POST['wachtwoord']);
    $wachtwoord_nogmaals = mysql_real_escape_string($_POST['wachtwoord_nogmaals']);
    $wachtwoordmd5	 = md5($wachtwoord);
    $email	 = mysql_real_escape_string($_POST['email']);
    $wereld	 = mysql_real_escape_string($_POST['wereld']);
    $secondaccount = mysql_real_escape_string($_POST['agreecheck']);
    $schelden = mysql_real_escape_string($_POST['agreecheck2']);
    $ip	 = $_SERVER['REMOTE_ADDR'];
    $date = date("Y-m-d H:i:s");
    $character = mysql_real_escape_string($_POST['character']);
    $referer	 = mysql_real_escape_string($_POST['referer']);
    $check = mysql_fetch_assoc(mysql_query("SELECT `ip_aangemeld`, `aanmeld_datum` FROM `gebruikers` WHERE `ip_aangemeld`='".$ip."' ORDER BY `user_id` DESC"));
    $registerdate = strtotime($check['aanmeld_datum']);
    $current_time = strtotime(date('Y-m-d H:i:s'));
    $countdown_time = 604800-($current_time-$registerdate);
    
    # Has an account already been created in the past week?
    #if(($check['ip_aangemeld'] == $ip) && ($countdown_time > 0))
    #$alert = '<div class="red">'.$txt['alert_already_this_ip'].'</div>';
    # First name
    if(empty($voornaam)){
    $foutje1	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_firstname'].'</div>';
    }
    elseif(strlen($voornaam) > 12 ){
    $foutje1	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_firstname_too_long'].'</div>';
    }
    # Last name
    elseif(empty($achternaam)){
    $foutje2	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_lastname'].'</div>';
    }
    elseif(strlen($achternaam) > 12 ){
    $foutje2	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_lastname_too_long'].'</div>';
    }
    # Country
    elseif(empty($land)){
    $foutje3	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_country'].'</div>';
    }
    # Date of birth
    elseif(($_POST['day'] == '0') OR ($_POST['month'] == '0') OR ($_POST['year'] == '0')){
    $foutje4	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_full_gebdate'].'</div>';
    }
    # Username
    elseif(empty($inlognaam)){
    $foutje5	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_username'].'</div>';
    } 
    elseif(strlen($inlognaam) < 3 ){
    $foutje5	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_username_too_short'].'</div>';
    }
    # Is the username no longer than 10 characters?
    elseif(strlen($inlognaam) > 10 ){
    $foutje5	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_username_too_long'].'</div>';
    }
    # Does the user already exist?
    elseif(mysql_num_rows(mysql_query("SELECT `username` FROM `gebruikers` WHERE `username`='".$inlognaam."'")) >= 1){
    $foutje5	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_username_exists'].'</div>';
    }
    # Check that it contains no special characters
    elseif(!preg_match('/^([a-zA-Z0-9]+)$/is', $inlognaam)){
    $foutje5	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_username_incorrect_signs'].'</div>';
    }
    # Password
    elseif(empty($wachtwoord)){
    $foutje6	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_password'].'</div>';
    }
    # Do the passwords not match?
    elseif($wachtwoord <> $wachtwoord_nogmaals){
    $foutje6	 = '<span class="error_red">*</span>';
    $foutje7	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_passwords_dont_match'].'</div>';
    }
    #email
    elseif(empty($email)){
    $foutje8	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_email'].'</div>';
    }
    # Is the e-mail address well-formed?
    elseif(!preg_match("/^[A-Z0-9._%-]+@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\.[A-Z]{2,6}$/i", $email)){
    $foutje8	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_email_incorrect_signs'].'</div>';
    }	
    # Does the e-mail address already exist?
    elseif(mysql_num_rows(mysql_query("SELECT `email` FROM `gebruikers` WHERE `email`='".$email."'")) >= 1){
    $foutje8	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_email_exists'].'</div>';
    }
    # CSRF field: this only checks that some value was submitted
    elseif(empty($_POST['csrf'])){
    $foutje8	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">Stop Using CSRF attack</div>';
    
    
    }
    #character
    elseif($character != 'Red' && $character != 'Leaf' && $character != 'Ethan' && $character != 'Lyra' && $character != 'Brendan' && $character != 'May' && $character != 'Lucas' && $character != 'Dawn' && $character != 'Lunick' && $character != 'Solana' && $character != 'Ash' && $character != 'Blue' && $character != 'Brock' && $character != 'Misty' && $character != 'Tracey' && $character != 'Max' && $character != 'Paul' && $character != 'J' && $character != 'Hilda' && $character != 'Hilbert' && $character != 'N'&& $character != 'Akuroma'&& $character != 'fem-bw2'&& $character != 'mal-bw2'){
    $foutje9	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_character_invalid'].'</div>';
    }
    # Has a world been selected?
    elseif(empty($wereld)){
    $foutje10	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_no_beginworld'].'</div>';
    }
    # Is the selected world one of the allowed values?
    elseif($wereld != 'Kanto' && $wereld != 'Johto' && $wereld != 'Hoenn' && $wereld != 'Sinnoh' && $wereld != 'Unova'){
    $foutje10	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_world_invalid'].'</div>';
    }
    # Has the double-account checkbox been ticked?
    elseif($secondaccount != True){
    $foutje11	 = '<span class="error_red">*</span>';
    $alert = '<div class="red">'.$txt['alert_1account_condition'].'</div>';
    }
    # Is the IP address already in use?
    #elseif(($check['ip_aangemeld'] == $ip) && ($countdown_time > 0))
    #	$alert = '<div class="red">'.$txt['alert_already_this_ip'].'</div>';
    
    
    
    
    else{ 
    # Generate activation code
    $activatiecode = 1;
    
    # Insert the user into the database
    mysql_query("INSERT INTO `gebruikers` (`account_code`, `voornaam`, `achternaam`, `land`, `character`, `username`, `geb_datum`, `datum`, `aanmeld_datum`, `wachtwoord`, `email`, `ip_aangemeld`, `wereld`) 
    VALUES ('".$activatiecode."', '".$voornaam."', '".$achternaam."', '".$land."', '".$character."', '".$inlognaam."', '".$gebdate."', '".$date."', '".$date."', '".$wachtwoordmd5."', '".$email."', '".$ip."' , '".$wereld."')");
    # Fetch the new user's id from the gebruikers table
    $id	= mysql_insert_id();
    
    # Store the player in the gebruikers_item table
    mysql_query("INSERT INTO `gebruikers_item` (`user_id`)
    VALUES ('".$id."')");
    
    # Store the player in the gebruikers_badges table
    mysql_query("INSERT INTO `gebruikers_badges` (`user_id`)
    VALUES ('".$id."')");
    
    # Store the player in the gebruikers_tmhm table
    mysql_query("INSERT INTO `gebruikers_tmhm` (`user_id`)
    VALUES ('".$id."')");
    
    # Does the referer exist?
    if(mysql_num_rows(mysql_query("SELECT `username` FROM `gebruikers` WHERE `username`='".$referer."'")) >= 1){
    mysql_query("UPDATE gebruikers SET gold = gold +2 WHERE username = '".$referer."'");
    }
    
    ### Headers. 
    $headers = "From: Pokemon Star MMO\n"; 
    $headers .= "X-Sender: \"rot\" \n"; 
    $headers .= "X-Mailer: PHP\n"; 
    $headers .= "Bcc: pokemon-Star.net\r\n"; 
    $headers .= "Content-Type: text/html; charset=iso-8859-1\n";
    
    $page = 'register';
    # Load the right language file for the mail
    include_once('language/language-mail.php');
    
    
    # Compose the message
    $alert = '<div class="green">'.$txt['success_register'].'</div>';
    
    }
    }
    ?>
    
    
    <form method="post" action="?page=register" name="register">
    <input type="hidden" name="csrf" value="<?php echo $key; ?>" />
    
    
    <center></center>
    <?php if($alert != '') echo $alert; ?>
    <table width="660" cellspacing="0" cellpadding="0">
    <tr>
    <td colspan="2" class="top_first_td"><?php echo $txt['register_personal_data']; ?></td>
    </tr>
    <tr>
    <td colspan="2" style="padding-bottom:10px;"></td>
    </tr>
    <tr>
    <td width="200" class="normal_first_td"><?php echo $txt['firstname'].' '.$foutje1; ?></td>
    <td width="460" class="normal_td"><input type="text" name="voornaam" value="<?php if(isset($_POST['voornaam']) && !empty($_POST['voornaam'])) { echo htmlspecialchars($_POST['voornaam'], ENT_QUOTES); }?>" class="text_long" maxlength="12"></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['lastname'].' '.$foutje2; ?></td>
    <td class="normal_td"><input type="text" name="achternaam" value="<?php if(isset($_POST['achternaam']) && !empty($_POST['achternaam'])) { echo htmlspecialchars($_POST['achternaam'], ENT_QUOTES); }?>" class="text_long" maxlength="12"></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['country'].' '.$foutje3; ?></td>
    <td class="normal_td"><select name="land" value="<?php if(isset($_POST['land']) && !empty($_POST['land'])) { echo htmlspecialchars($_POST['land'], ENT_QUOTES); }?>" class="text_select">
    <?php
    $landsql = mysql_query("SELECT `en`, `nl` FROM `landen`");
    
    if(isset($_POST['land'])){
    $landd = $_POST['land'];
    }
    else{
    $landd = $lang['taalgeneral'];
    } 
    
    while($land = mysql_fetch_assoc($landsql)){
    if($land['en'] == $landd){
    $selected = 'selected';
    }
    else{
    $selected = '';
    }
    echo '<option value="'.$land['en'].'" '.$selected.'>'.$land[$lang['taalshort']].'</option>';
    }
    ?>
    </select>
    </td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['gebdate'].' '.$foutje4; ?></td>
    <td class="normal_td"><?php
    # Day
    echo '<select name="day" class="text_select">
    <option value="0">'.$txt['day'].'</option>';
    for ($i = 1; $i <= 31; $i++) {
    $selected = isset($_POST['day']) && $_POST['day'] == $i ? ' selected="selected"' : '';
    echo '<option value="'.$i.'"'.$selected.'>'.$i.'</option>';
    }
    echo '</select>';
    # Month
    echo '<select name="month" class="text_select">
    <option value="0">'.$txt['month'].'</option>';
    for ($i = 1; $i <= 12; $i++) {
    $selected = isset($_POST['month']) && $_POST['month'] == $i ? ' selected="selected"' : '';
    echo '<option value="'.$i.'"'.$selected.'>'.strftime('%B', mktime(0, 0, 0, $i, 1)).'</option>';
    }
    echo '</select>';
    
    
    # Year
    echo '<select name="year" class="text_select">
    <option value="0">'.$txt['year'].'</option>';
    for ($i = 1920; $i <= 2010; $i++) {
    $selected = isset($_POST['year']) && $_POST['year'] == $i ? ' selected="selected"' : '';
    echo '<option value="'.$i.'"'.$selected.'>'.$i.'</option>';
    }
    echo '</select>';
    ?></td>
    </tr>
    <tr>
    <td colspan="2" style="padding-top:10px;"></td>
    </tr>
    <tr>
    <td colspan="2" class="top_first_td"><?php echo $txt['register_game_data']; ?></td>
    </tr>
    <tr>
    <td colspan="2" style="padding-bottom:10px;"></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['username'].' '.$foutje5; ?></td>
    <td class="normal_td"><input name="inlognaam" type="text" class="text_long" value="<?php if(isset($_POST['inlognaam']) && !empty($_POST['inlognaam'])) { echo htmlspecialchars($_POST['inlognaam'], ENT_QUOTES); }?>" maxlength="10" /></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['password'].' '.$foutje6; ?></td>
    <td class="normal_td"><input type="password" name="wachtwoord" value="<?php if(isset($_POST['wachtwoord']) && !empty($_POST['wachtwoord'])) { echo htmlspecialchars($_POST['wachtwoord'], ENT_QUOTES); }?>" class="text_long" /></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['password_again'].' '.$foutje7; ?></td>
    <td class="normal_td"><input type="password" name="wachtwoord_nogmaals" value="<?php if(isset($_POST['wachtwoord_nogmaals']) && !empty($_POST['wachtwoord_nogmaals'])) { echo htmlspecialchars($_POST['wachtwoord_nogmaals'], ENT_QUOTES); }?>" class="text_long" /></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['email'].' '.$foutje8; ?></td>
    <td class="normal_td"><input type="text" name="email" value="<?php if(isset($_POST['email']) && !empty($_POST['email'])) { echo htmlspecialchars($_POST['email'], ENT_QUOTES); }?>" class="text_long" /></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['character'].' '.$foutje9; ?></td>
    <td class="normal_td"><select name="character" value="<?php if(isset($_POST['character']) && !empty($_POST['character'])) { echo htmlspecialchars($_POST['character'], ENT_QUOTES); }?>" class="text_select">
    <?php
    $charactersql = mysql_query("SELECT naam FROM characters ORDER BY id ASC");
    
    if(isset($_POST['character'])){
    $characterr = $_POST['character'];
    }
    else{
    $characterr = 'Red';
    } 
    
    while($character = mysql_fetch_assoc($charactersql)){
    if($character['naam'] == $characterr){
    $selected = 'selected';
    }
    else{
    $selected = '';
    }
    echo '<option value="'.$character['naam'].'" '.$selected.'>'.$character['naam'].'</option>';
    }
    ?>
    </select>
    </td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['beginworld'].' '.$foutje10; ?></td>
    <td class="normal_td"><select name="wereld" class="text_select">
    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Kanto") { echo 'selected'; } ?>>Kanto</option>
    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Johto") { echo 'selected'; } ?>>Johto</option>
    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Hoenn") { echo 'selected'; } ?>>Hoenn</option>
    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Sinnoh") { echo 'selected'; } ?>>Sinnoh</option>
    <option <?php if(isset($_POST['wereld']) && $_POST['wereld'] == "Unova") { echo 'selected'; } ?>>Unova</option>
    
    </select></td>
    </tr>
    <tr>
    <td class="normal_first_td"><label for="agreecheck"><?php echo $txt['1account_rule']; ?></label><?php echo $foutje11; ?></td>
    <td class="normal_td"><input name="agreecheck" id="agreecheck" value="yes" type="checkbox" <?php if(isset($_POST['agreecheck']) && $_POST['agreecheck'] == "yes") { echo 'checked'; } ?>></td>
    </tr>
    <tr>
    <td class="normal_first_td"><?php echo $txt['referer']; ?></td>
    <td class="normal_td"><input type="text" name="referer" value="<?php echo isset($_GET['referer']) ? htmlspecialchars($_GET['referer'], ENT_QUOTES) : ''; ?>" class="text_long" /> <span style="padding-left:5px;"><?php echo $txt['not_oblige']; ?></span></td>
    </tr>
    <tr>
    <td colspan="2" style="padding-bottom:10px;"></td>
    </tr>
    <center><div class="boxc"><ul>
    
    <li>- <b>The rules are pretty simple for Pokemon Star RPG:</b></li>
    <li>- <b>No swearing (on your profile or via a message).</b></li>
    <li>- <b>Do not ask for passwords.</b></li>
    <li>- <b>Never give your password away.</b></li>
    <li>- <b>Do not spam.</b></li>
    <li>- Do not advertise other websites.</li>
    <li>- <b>No double accounts.</b> If someone is trying to scam you, report them to a staff member.</li>
    <br>
    <li><b>Serious or repeat offences will be banned without warning. How long the exile lasts depends on what you have done wrong.</b></li>
    </ul></div></center>
    <tr>
    <td class="normal_first_td">&nbsp;</td>
    <td class="normal_td"><input type="submit" value="<?php echo $txt['button']; ?>" name="registreer" class="button"></td>
    </tr>
    </table>
    <center>
    <table width="100%" border="0">
    <tbody><tr>
    <td align="Center" valign="Middle" width="102">
    <img src="/images/trainers/N.png" border="0">
    </td>
    <td align="left" valign="Middle"><b>
    <font name="verdana" size="1">Bring It On, <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Show us what you are made of. Fill in all the details and information and agree to the terms and conditions to begin your journey...</font></b>
    
    </td>
    </tr>
    </tbody></table></center>
    </form>
    <?php session_destroy(); ?>
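
Added example, not part of Raftaar's post: the register script above only tests that `$_POST['csrf']` is non-empty, overwrites `$_SESSION['csrf']` on every request before that test, and ends with `session_destroy()`, so the submitted token is never compared with a stored one. The sketch below issues one token per session and compares it with `hash_equals()`; the helper names `csrf_token`, `csrf_valid` and `attr` are hypothetical, the request arrays are constructed, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added example, not part of the posted register script.
// csrf_token(), csrf_valid() and attr() are hypothetical helper names.

// Return the session's token, creating it only when none exists yet, so the
// value rendered into the form is still stored when the form comes back.
function csrf_token(array &$session) {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32)); // CSPRNG instead of microtime()
    }
    return $session['csrf'];
}

// True only when a string token was submitted and equals the stored one.
function csrf_valid(array $session, array $post) {
    if (empty($session['csrf']) || !isset($post['csrf']) || !is_string($post['csrf'])) {
        return false;
    }
    return hash_equals($session['csrf'], $post['csrf']); // constant-time comparison
}

// Escape a value before echoing it back into an HTML attribute.
function attr($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed requests standing in for $_SESSION and $_POST.
$session = array();                 // first visit, nothing stored yet
$token   = csrf_token($session);    // GET request: token issued and kept
echo '<input type="hidden" name="csrf" value="' . attr($token) . '" />', "\n";

$genuine  = array('registreer' => '1', 'csrf' => $token);      // form the site rendered
$nonempty = array('registreer' => '1', 'csrf' => 'not-empty'); // passes an empty() test only
$missing  = array('registreer' => '1');                        // no token field at all

var_dump(csrf_valid($session, $genuine));
var_dump(csrf_valid($session, $nonempty));
var_dump(csrf_valid($session, $missing));

// Order of operations in the posted script: the stored key is replaced before
// the POST is examined, so the token from the rendered form no longer matches.
$session['csrf'] = sha1(microtime());
var_dump(csrf_valid($session, $genuine));
```

In the register script this means passing `$_SESSION` and `$_POST` to these helpers after `session_start()`, and not destroying the session at the end of the page.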

  5. #680
    RaGEZONER || Webdevloper KiruHoshino is offline
    MemberRank
    Oct 2011 Join Date
    HungaryLocation
    648Posts

    Re: [Release] Pokemon-Area based browser game

    You can now delete the previous comment from your code.

  6. #681
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    Done ;)

    check if you find any Exploit in this register :D

  7. #682
    Valued Member fudirox is offline
    MemberRank
    Aug 2008 Join Date
    111Posts

    Re: [Release] Pokemon-Area based browser game

    FOR SQL INJECTION PROTECTION, ADD THIS CODE BELOW IN THE CONFIG.PHP


    Code:
    // Client address, echoed back in the rejection message.
    $xa = getenv('REMOTE_ADDR');
    // Substrings that cause a request to be rejected.
    $badwords = array(";","'","\"","*","union","del","DEL","insert","update",
    " =","drop","sele","$");
    
    // Reject the request if any POST value contains a listed substring.
    foreach($_POST as $value) {
        foreach($badwords as $word) {
            if(substr_count($value, $word) > 0) {
                die("Security Warning!<br />Forbidden symbols are included, 
    please remove them and try again -> $xa");
            }
        }
    }
    
    // Same check for the GET parameters.
    foreach($_GET as $valueget) {
        foreach($badwords as $wordget) {
            if(substr_count($valueget, $wordget) > 0) {
                die("Security Warning!<br />Forbidden symbols are included, 
    please remove them and try again -> $xa");
            }
        }
    }
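
Added example, not code from the thread: it runs the substring blacklist above over ordinary registration values and then stores the same values through PDO prepared statements, the direction post #676 mentions. The table and column names follow the posted register script; the function name `blacklist_hit`, the in-memory SQLite database and the sample rows are constructed so the snippet runs without a MySQL server.

```php
<?php
// Added example. blacklist_hit() is a hypothetical wrapper around the
// $badwords list from the post above; sample rows are constructed.
function blacklist_hit($value) {
    $badwords = array(";","'","\"","*","union","del","DEL","insert","update",
                      " =","drop","sele","$");
    foreach ($badwords as $word) {
        if (substr_count($value, $word) > 0) {
            return $word; // first substring that would trigger die()
        }
    }
    return null;
}

// In-memory SQLite stands in for the game's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE gebruikers (
    user_id INTEGER PRIMARY KEY, username TEXT, achternaam TEXT, land TEXT)');

// Placeholders keep the data out of the SQL text, so no character or word
// has to be banned from user input.
$insert = $pdo->prepare(
    'INSERT INTO gebruikers (username, achternaam, land) VALUES (:u, :a, :l)');
$lookup = $pdo->prepare(
    'SELECT achternaam, land FROM gebruikers WHERE username = :u');

// Constructed, legitimate registrations.
$samples = array(
    array('u' => 'kiera',  'a' => "O'Neil",  'l' => 'Ireland'),
    array('u' => 'selena', 'a' => 'Gomez',   'l' => 'Mexico'),
    array('u' => 'misty2', 'a' => 'Mandela', 'l' => 'South Africa'),
);

foreach ($samples as $row) {
    // What the blacklist would do with each field of this registration.
    foreach ($row as $field => $value) {
        $hit = blacklist_hit($value);
        if ($hit !== null) {
            echo "blacklist rejects $field=$value (matched \"$hit\")\n";
        }
    }
    // The same values stored and read back through bound parameters.
    $insert->execute(array(':u' => $row['u'], ':a' => $row['a'], ':l' => $row['l']));
    $lookup->execute(array(':u' => $row['u']));
    $stored = $lookup->fetch(PDO::FETCH_ASSOC);
    $lookup->closeCursor();
    echo "stored intact: {$row['u']} -> {$stored['achternaam']}, {$stored['land']}\n";
}
```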

  8. #683
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    but it can't protect from CSRF

  9. #684
    Check http://arcturus.pw The General is offline
    DeveloperRank
    Aug 2011 Join Date
    7,610Posts

    Re: [Release] Pokemon-Area based browser game

    Or just filter everything with mysql_real_escape_string() ?

  10. #685
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    Exactly my point hillbilly

    even clan script can be fixed by this and few more additions

  11. #686
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    Bug Free Forums

    almost 98% bugs fixed in these scripts
    Attached Files

  12. #687
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    Here are fixed clans

    check them if you find any bugs clan-invite.zip

  13. #688
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    A problem appeared for me

    whenever I log in and enter the members' area
    then when I click any link
    my session expires and tells me to log in again
    I even added a remember me box but still it's of no use

    any help?

  14. #689
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    any help?

  15. #690
    Account Upgraded | Title Enabled! Raftaar is offline
    MemberRank
    Apr 2013 Join Date
    274Posts

    Re: [Release] Pokemon-Area based browser game

    open your javascripts folder and upload this
    Attached Files


