Registration and Login problem

[Pxxx]

Hi,
I use 1.3.6 server files on Linux, with MySQL
http://forum.ragezone.com/f452/pw-13...-mysql-556520/

The registration script doesn't add a password to database:

Code:

$Salt = $Login.$Pass;
$Salt = md5($Salt);
$Salt = "0x".$Salt;
 MySQL_Query("call adduser('$Login', $Salt, '0', '0', '0', '0', '$Email', '0', '0', '0', '0', '0', '0', '0', '', '', $Salt)") or die ("Can't execute query.");

If I add the password manually, when I try to login, server can't check the password:

Code:

TRACE : gdelivery::matrixpasswd query, user=user
GQueryPasswd:account is user , login ip is 122384729
Sending query to acquire password
Prepare procedure call:{call acquireuserpasswd(?,?,?)}
Received acquired password
Returning acquired password
Prepare procedure call:{call deleteTimeoutForbid(?)}

Any suggestions?

[MentaL]

[elmon]

"The registration script doesn't add a password to database"
why do u think so? can u show error?

[Pxxx]

Hehe, solved my problem.

Code:

$Salt -> '$Salt'

2elmon: I'm from Russia too, thanks for answering :)

[elmon]

^_^
apply more)))
(ну нет в английском "не за что")))))

[evilminscer]

We decided to give it to you hard core style
First make a file in your /var/www/(FOLDER NAME OF CHOICE)

chpass.php

<html>
<head>
<title>Perfect World: Change Password</title>
</head>
<body>
<h1>Perfect World: Change Password</h1>
<form action="chpass.php" method="post">
<input type="hidden" name="resetpass" value="<?php echo isset($_REQUEST["resetpass"]) ? $_REQUEST$
<table border="0" cellpadding="1" cellspacing="0">
<tr>
<td>Account Name:</td>
<td><input type="text" name="login" value="<?php echo isset($_REQUEST["login"]) ? $_REQUEST["$
</tr>
<tr>
<td>Old Password:</td>
<td><input type="password" name="oldpass" value="<?php echo isset($_REQUEST["oldpass"]) ? $_R$
</tr>
<tr>
<td>New Password:</td>
<td><input type="password" name="newpass1" value="<?php echo isset($_POST["newpass1"]) ? $_PO$
</tr>
<tr>
<td>Repeat Password:</td>
<td><input type="password" name="newpass2" value="<?php echo isset($_POST["newpass2"]) ? $_PO$
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Change Password" /><$
</tr>
<tr>
<td colspan="2" align="center"><?

//===== Script by Symax =====// //=====For MySQL Database=====//
require "config.php";

$MasterReset = "admin_reset"; // Change this to some random text password

$AdminReset = false;
if (isset($_REQUEST["resetpass"]) && $_REQUEST["resetpass"] == $MasterReset) {
$AdminReset = true;
}

$Login = "";
if (isset($_REQUEST["login"]) && $_REQUEST["login"] != "") {
$Login = strtolower(trim($_REQUEST['login']));
}

$OldPass = "";
if (isset($_REQUEST["oldpass"]) && $_REQUEST["oldpass"] != "") {
$OldPass = strtolower(trim($_REQUEST['oldpass']));
}

if (isset($_POST['submit'])) {
$Link = mysql_connect($DBHost, $DBUser, $DBPassword) or die ("Can't connect to MySQ$

Than you want to make another file in the same directory called

config.php

<? //=====Script by trash=====// //=====For MySQL Datatbase=====//

$DBHost = "localhost"; // localhost or your IP
$DBUser = "root"; // Database user
$DBPassword = ""; // Database password
$DBName = "dbo"; // Database name

?>

Than the most important part of the registration page in the same folder /var/www

index.php

<? //=====Script by trash=====// //=====For MySQL Database=====//
include "config.php";

$Data = '<form action=index.php method=post>
Login:
<br><input type=text name=login><br><br>
Password:
<br><input type=password name=passwd><br><br>
Repeat password:
<br><input type=password name=repasswd><br><br>
Email:
<br><input type=text name=email><br><br>
<input type=submit name=submit value="Registration">
</form>';

if (isset($_POST['login']))
{
$Link = MySQL_Connect($DBHost, $DBUser, $DBPassword) or die ("Can't connect to MySQL");
MySQL_Select_Db($DBName, $Link) or die ("Database ".$DBName." do not exists.");

$Login = $_POST['login'];
$Pass = $_POST['passwd'];
$Repass = $_POST['repasswd'];
$Email = $_POST['email'];

$Login = StrToLower(Trim($Login));
$Pass = StrToLower(Trim($Pass));
$Repass = StrToLower(Trim($Repass));
$Email = Trim($Email);

if (empty($Login) || empty($Pass) || empty($Repass) || empty($Email))
{
echo "All fields is empty.";
}

elseif (ereg("[^0-9a-zA-Z_-]", $Login, $Txt))
{
echo "Login have a incorrect format.";
}

elseif (ereg("[^0-9a-zA-Z_-]", $Pass, $Txt))
{
echo "Password have a incorrect format.";
}

elseif (ereg("[^0-9a-zA-Z_-]", $Repass, $Txt))
{
echo "Repeat password have a incorrect format.";
}
elseif (StrPos('\'', $Email))
{
echo "Email have a incorrect format.";
}
else
{
$Result = MySQL_Query("SELECT name FROM users WHERE name='$Login'") or ("Can't execute query.");

if (MySQL_Num_Rows($Result))
{
echo "Account <b>".$Login."</b> is exists";
}

elseif ((StrLen($Login) < 4) or (StrLen($Login) > 10))

{
echo "Login must have more 4 and not more 10 symbols.";
}

elseif ((StrLen($Pass) < 4) or (StrLen($Pass) > 10))

{
echo "Password must have more 4 and not more 10 symbols.";
}

elseif ((StrLen($Repass) < 4) or (StrLen($Repass) > 10))
{
echo "Repeat password must have more 4 and not more 10 symbols.";
}

elseif ((StrLen($Email) < 4) or (StrLen($Email) > 25))
{
echo "Email must have more 4 and not more 25 symbols.";
}

elseif ($Pass != $Repass)
{
echo "Password mismatch.";
}
else
{
$Salt = $Login.$Pass;
$Salt = md5($Salt);
$Salt = "0x".$Salt;
MySQL_Query("call adduser('$Login', $Salt, '0', '0', '0', '0', '$Email', '0', '0', '0', '0', '0', '0', '0', '', '', $Salt)") or die ("Can't execute query.");
echo "Account <b>".$Login."</b> has been registered.";
}
}
}

echo $Data;

?>

Than the next thing you will need to add

register.php

<? //=====Script by trash=====// //=====For MySQL Database=====//
include "config.php";

$Data = '<form action=index.php method=post>
Login:
<br><input type=text name=login><br><br>
Password:
<br><input type=password name=passwd><br><br>
Repeat password:
<br><input type=password name=repasswd><br><br>
Email:
<br><input type=text name=email><br><br>
<input type=submit name=submit value="Registration">
</form>';

if (isset($_POST['login']))
{
$Link = MySQL_Connect($DBHost, $DBUser, $DBPassword) or die ("Can't connect to MySQL");
MySQL_Select_Db($DBName, $Link) or die ("Database ".$DBName." do not exists.");

$Login = $_POST['login'];
$Pass = $_POST['passwd'];
$Repass = $_POST['repasswd'];
$Email = $_POST['email'];

$Login = StrToLower(Trim($Login));
$Pass = StrToLower(Trim($Pass));
$Repass = StrToLower(Trim($Repass));
$Email = Trim($Email);

if (empty($Login) || empty($Pass) || empty($Repass) || empty($Email))
{
echo "All fields is empty.";
}

elseif (ereg("[^0-9a-zA-Z_-]", $Login, $Txt))
{
echo "Login have a incorrect format.";
}

elseif (ereg("[^0-9a-zA-Z_-]", $Pass, $Txt))
{
echo "Password have a incorrect format.";
}

elseif (ereg("[^0-9a-zA-Z_-]", $Repass, $Txt))
{
echo "Repeat password have a incorrect format.";
}
elseif (StrPos('\'', $Email))
{
echo "Email have a incorrect format.";
}
else
{
$Result = MySQL_Query("SELECT name FROM users WHERE name='$Login'") or ("Can't execute query.");

if (MySQL_Num_Rows($Result))
{
echo "Account <b>".$Login."</b> is exists";
}

elseif ((StrLen($Login) < 4) or (StrLen($Login) > 10))

{
echo "Login must have more 4 and not more 10 symbols.";
}

elseif ((StrLen($Pass) < 4) or (StrLen($Pass) > 10))

{
echo "Password must have more 4 and not more 10 symbols.";
}

elseif ((StrLen($Repass) < 4) or (StrLen($Repass) > 10))
{
echo "Repeat password must have more 4 and not more 10 symbols.";
}

elseif ((StrLen($Email) < 4) or (StrLen($Email) > 25))
{
echo "Email must have more 4 and not more 25 symbols.";
}

elseif ($Pass != $Repass)
{
echo "Password mismatch.";
}
else
{
$Salt = $Login.$Pass;
$Salt = md5($Salt);
$Salt = "0x".$Salt;
MySQL_Query("call adduser('$Login', $Salt, '0', '0', '0', '0', '$Email', '0', '0', '0', '0', '0', '0', '0', '', '', $Salt)") or die ("Can't execute query.");
echo "Account <b>".$Login."</b> has been registered.";
}
}
}

echo $Data;

?>

The way we have it set up on our server is that we have edition JSP scripts which force the users to verify their emails before they can activate their accounts. This is for security reasons, as we are using Ubuntu Jaunty, and allows for extreme security options.

The other part about using ubuntu is the ssh access. HIGHLY RESTRICTIVE, HIGHLY SECURE, and best way to control the people who enter your server.

Now mind yall too, WE DIDNT write this script, we simply utilized it so I take no credit in this registration snippet.