Auto registration in login screen

[MeTaD]

ALERT: This script is currently on testing, you may suffer an Spam registration on your database because this script doesn't has a protection for it, but we are working on it!

This query basically allow you to have a registration on you login screen (where you select the server) when the user accouny does NOT exists, it creates it and logs in that recently created account, so, yo don't need a resgistration web... It is recommended to enable captcha with 6 characters if you are going to use this query to prevent in a way the spam, you must have in mind too that if an user accidentaly writes his username bad it is going to crete a new account and probably he will think that his character has been deleted... I'm working on that too

Well, I have created a simple query to register an user in an attempt of logging...
just run this query, it is going to edit an stored procedure in SRO_VT_ACCOUNT (_CertifyTB_User)

The forum is adding a tag to the code, i will upload it as a txt but ill leave this here for refeernce, DO NOT USE THE CODE POSTED BELOW, INSTEAD USE THE .TXT UPLOADED!

PHP Code:


USE [SRO_VT_ACCOUNT]
GO
/****** Object:  StoredProcedure [dbo].[_CertifyTB_User]    Script Date: 01/23/2014 15:56:29 ******/
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO


ALTER    PROCEDURE [dbo].[_CertifyTB_User]
 [MENTION=2000043826]szu[/MENTION]serID    varchar(25),
    @szPassword    varchar(50)
AS
    declare [MENTION=77438]Nuser[/MENTION]JID int
    declare [MENTION=77438]Nuser[/MENTION]JIDMeTaD int
    declare @sec_primary tinyint
    declare @sec_content tinyint
    set [MENTION=77438]Nuser[/MENTION]JID        = 0
    set [MENTION=77438]Nuser[/MENTION]JIDMeTaD        = 0
    set    @sec_primary        = 0
    set    @sec_content        = 0
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--        º£Æ®³² °æÇèÄ¡ Á¾·®Á¦ (ÃÖ¼±È£)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    declare @AccPlayTime int
    declare [MENTION=1333470999]Late[/MENTION]stUpdateTime_ToPlayTime int
    set @AccPlayTime = 0
    set [MENTION=1333470999]Late[/MENTION]stUpdateTime_ToPlayTime = 0
    select [MENTION=77438]Nuser[/MENTION]JID = JID, @sec_primary = sec_primary, @sec_content = sec_content, @AccPlayTime = AccPlayTime, [MENTION=1333470999]Late[/MENTION]stUpdateTime_ToPlayTime = LatestUpdateTime_ToPlayTime from TB_User
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    where StrUserID = [MENTION=2000043826]szu[/MENTION]serID and password = @szPassword
    if( [MENTION=77438]Nuser[/MENTION]JID = 0 or [MENTION=77438]Nuser[/MENTION]JID is null or @@error <> 0 or @@rowcount = 0)
    begin
    --MeTaD
        select [MENTION=77438]Nuser[/MENTION]JIDMeTaD = JID from TB_User where StrUserID = [MENTION=2000043826]szu[/MENTION]serID
        if( [MENTION=77438]Nuser[/MENTION]JIDMeTaD = 0 or [MENTION=77438]Nuser[/MENTION]JID is null or @@error <> 0 or @@rowcount = 0)
            begin
                print "El usuario NO existe"
                IF  [MENTION=2000043826]szu[/MENTION]serID LIKE "%[^a-zA-Z0-9]%") --Idea from Tazdingo
                    begin
                        select convert( tinyint, 1), convert( int, 0), convert( tinyint, 0), convert( tinyint, 0)
                    end
                else
                    begin
                        insert into TB_User(StrUserID,password,sec_primary,sec_content) values  [MENTION=2000043826]szu[/MENTION]serID, @szPassword,'3','3') 
                        EXEC _CertifyTB_User [MENTION=2000043826]szu[/MENTION]serID,@szPassword
                    end
                return
            end
        else
            begin
                print "El usuario existe"
                select convert( tinyint, 1), convert( int, 0), convert( tinyint, 0), convert( tinyint, 0)
                return
            end
    --MeTaD
        
        
        select convert( tinyint, 1), convert( int, 0), convert( tinyint, 0), convert( tinyint, 0)
        return
    end
    if( exists( select Type from _BlockedUser where UserJID = [MENTION=77438]Nuser[/MENTION]JID and Type = 1 and getdate() between timeBegin and timeEnd))
    begin
        select convert( tinyint, 3), [MENTION=77438]Nuser[/MENTION]JID, convert( tinyint, 0), convert( tinyint, 0)
        return
    end

--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--        º£Æ®³² °æÇèÄ¡ Á¾·®Á¦ (ÃÖ¼±È£)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    select convert(tinyint, 0), [MENTION=77438]Nuser[/MENTION]JID, @sec_primary, @sec_content, @AccPlayTime, [MENTION=1333470999]Late[/MENTION]stUpdateTime_ToPlayTime
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

    return 


ENJOY!

UPDATE
Thanks to the idea given from tazdingo, I've succesfully edited the query to protect it from an SQL Injection, I'm going to keep working on the Spam issue, but i think now it is safe to be used, remember, use it at your own risk.

[MentaL]

[loveme]

What exactly is this?

[stemale]

Read the title "Auto registration"

[lemoniscool]

dont use it, it will make your login screen enable SQL injection =)
besides its dumb, even if you fix the SQLi people will be able to spam your db with accounts (by useing a modded clientless to make it faster) and aside of that it also has some wrong logic inside (check the if statements after "--MeTaD")

[MeTaD]

dont use it, it will make your login screen enable SQL injection =)
besides its dumb, even if you fix the SQLi people will be able to spam your db with accounts (by useing a modded clientless to make it faster) and aside of that it also has some wrong logic inside (check the if statements after "--MeTaD")

Thank you for the information, I'll work to secure it, I didn't thought on it... By the way, you can enable captcha and will be harder to Spam the database

[MaDenGo]

Awesome lemoniscool i think you catch him

[MeTaD]

Ey, I didn't do this with a bad intention, I was really trying to release something useful...
I hope that with the BIG red alert i'm showing that i have no bad intentions

[MaDenGo]

Ey, I didn't do this with a bad intention, I was really trying to release something useful...
I hope that with the BIG red alert i'm showing that i have no bad intentions

It's ok bro , i just thanked him to alert us

[Tazdingo]

Just make a return when the id or password have symbols(=!%&') etc

[loveme]

Msg 102, Level 15, State 1, Procedure _CertifyTB_User, Line 33
Incorrect syntax near '@szuserID'.

[Blacksheep25]

It's a good idea, but yeah it is very easy to spam the login screen to keep creating accounts.

[Artuuro_lv]

to avoid spam you can add filter in query.

[lemoniscool]

to avoid spam you would have to add either a captcha or save the last registration time by ip in a table and check if its been at least 24 hours between it ^^
aside of that ... what about typos? imagine .. someone actually is registered already with the username HeyDude and now he tries to login but accidently hits HeySude .. he will be registered new and will be shocked in the first moment cuz his hard work on his char seems to be lost and most likely he will just create a new char and be angry about the GMs while actually he is in a different account ..

Just make a return when the id or password have symbols(=!%&') etc

youre right that would help already but dont forget to return at - too

[CoderWaxy]

Guys i Dont UnderStand any thing
What is That Query Do ?

[Blacksheep25]

It makes it so at the login screen you can create an account by typing in an id+pw :)