-
Important Question
Hello
I have a question about my registration page.
Ik use the login.asp from dynamic fysion and i have host it on a webserver online. See the page http://silverpt.webng.com/data/ .
Now is my question is it posibble to change the login.asp so its working to the sql server?
Now i cant register anyone.
Does anyone nows wich line i will have to use.
This is my login.asp
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com By using this page, you agreed not to remove this tag-->
<%
if request.querystring("reg")<> "" then
Set Conn = Server.CreateObject("ADODB.Connection")
DSNtest="DRIVER={SQL Server};SERVER=GERRALD-94EA85A\SQLEXPRESS;UID=sa;PWD=gerrald;DATABASE=accountdb"
name=request.form("user")
pass=request.form("pass")
Conn.open DSNtest
'First check if account is registered before ?
strsql="select * from " & lcase(left(name,1)) & "GameUser WHERE [userid]='"&lcase(name)&"'"
Set rs = Conn.execute (StrSql)
found=""
Do until rs.EOF
found=rs("userid")
rs.movenext
loop
if lcase(found)=lcase(name) then
response.write "<script>alert('That account has already been taken, please use another . Thank you')</script>"
elseif len(pass)>9 then
response.write "<script>alert('Password must be less than 9 characters !!!')</script>"
elseif instr(name,"'")=>1 or instr(pass,"'")=>1 then
response.write "<script>alert('No Sql injection allowed thank you ')</script>"
else
stringx="'username' ,'password','0','0','datereg','1/1/2030 12:00:00 AM ','30','0','0','0','0','0','0','0','0','0.0000','24/7/2006 12:00:00 AM','24/7/2007 12:00:00 AM','24/7/2006 12:00:00 AM','0','0','0','0','0','0','0','0','0','0'"
'stringx="INSERT INTO "& ucase(left(name,1)) & "GameUser"& " ([userid],[Passwd],[GameCode],[GPCode],[RegistDay],[DisuseDay],[UsePeriod],[inuse],[Grade],[EventChk],[SelectChk],[BlockChk],[SpecialChk],[ServerName],[Credit],[ECoin],[StartDay],[LastDay],[EditDay],[RNo],[DelChk],[SNo],[Channel],[BNum],[MXServer],[MXChar],[MXType],[MXLevel],[MXExp]) VALUES('username','password','0','0','1/1/1900 12:00:00 AM','1/1/2030 12:00:00 AM','30','0','0','0','0','0','0','0','0','0.00','24/7/2006 12:00:00 AM','24/7/2007 12:00:00 AM','24/7/2006 12:00:00 AM',0,'0','0','0','0','0','0',0,0,0);"
stringx="INSERT INTO "& ucase(left(name,1)) & "GameUser"& " ([userid],[Passwd],[GameCode],[GPCode],[RegistDay],[DisuseDay],[UsePeriod],[inuse],[Grade],[EventChk],[SelectChk],[BlockChk],[SpecialChk],[ServerName],[Credit],[ECoin],[StartDay],[LastDay],[EditDay],[RNo],[DelChk],[SNo],[Channel],[BNum],[MXServer],[MXChar],[MXType],[MXLevel],[MXExp]) VALUES('username','password','0','0',NULL,NULL,'30','0','0','0','0','0','0','0','0','0.00',NULL,NULL,NULL,0,'0','0','0','0','0','0',0,0,0)"
stringx=replace(stringx,"username",name)
stringx=replace(stringx,"password",pass)
conn.execute stringx
response.write "<script>alert('Done ! Welcome To the community !!')</script>"
end if
conn.close
end if
%><body bgcolor="#000000" text="#CCFFCC"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="595">
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com!CCC -->
<tr>
<td width="100%" style="background-repeat: no-repeat; background-position: center 50%; ; background-image:url('top.JPG')" background="top.JPG" height="243"> </td>
</tr>
<tr>
<td width="100%" style="background-repeat: no-repeat; background-position: center 50%; " height="214" background="mid.JPG" align="center" valign="top">
<form method="POST" action="login.asp?reg=true">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2">
<tr>
<td width="40%"> </td>
<td width="1%"><b>Username:</b><input type="text" name="user" size="20" style="background-color: #808080" value="<%=request.form("user")%>"><p>
<b>Password:</b><input type="password" name="pass" size="21" style="background-color: #808080"></p>
<p align="left">
<input type="submit" value="Register" name="B1" style="font-family: ver; font-size: 8pt; font-weight: bold; background-color: #808080"></p>
</td>
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com! -->
<td width="60%"> </td>
</tr>
</table>
<p> </p>
</form>
</td>
</tr>
<tr>
<td width="100%" height="138" background="bot.JPG" style="background-image: url('bot.JPG'); background-repeat: no-repeat; background-position: center">
<p align="center"><u><b>Designed by:Dynamicfusion@gmail.com</b></u></p>
<p> </p>
<p> </p>
<p> </td>
</tr>
</table>
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com -->
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com -->
-
Re: Important Question
The only part you need to edit is--
SERVER=GERRALD-94EA85A\SQLEXPRESS;
UID=sa;
PWD=gerrald;
DATABASE=acc ountdb" (not sure why there's a space in yours)
-
Re: Important Question
DSNtest="DRIVER={SQL Server};SERVER=127.0.0.1;UID=sa;PWD=PASSWORD_SQL;DATABASE=accountdb"
-
Re: Important Question
Thank You for the reactions
I have now this but its don't working yet
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com By using this page, you agreed not to remove this tag-->
<%
if request.querystring("reg")<> "" then
Set Conn = Server.CreateObject("ADODB.Connection")
DSNtest="DRIVER={SQL Server};SERVER=83.85.162.160;UID=sa;PWD=gerrald;DATABASE=accountdb"
name=request.form("user")
pass=request.form("pass")
Conn.open DSNtest
'First check if account is registered before ?
strsql="select * from " & lcase(left(name,1)) & "GameUser WHERE [userid]='"&lcase(name)&"'"
Set rs = Conn.execute (StrSql)
found=""
Do until rs.EOF
found=rs("userid")
rs.movenext
loop
if lcase(found)=lcase(name) then
response.write "<script>alert('That account has already been taken, please use another . Thank you')</script>"
elseif len(pass)>9 then
response.write "<script>alert('Password must be less than 9 characters !!!')</script>"
elseif instr(name,"'")=>1 or instr(pass,"'")=>1 then
response.write "<script>alert('No Sql injection allowed thank you ')</script>"
else
stringx="'username' ,'password','0','0','datereg','1/1/2030 12:00:00 AM ','30','0','0','0','0','0','0','0','0','0.0000','24/7/2006 12:00:00 AM','24/7/2007 12:00:00 AM','24/7/2006 12:00:00 AM','0','0','0','0','0','0','0','0','0','0'"
'stringx="INSERT INTO "& ucase(left(name,1)) & "GameUser"& " ([userid],[Passwd],[GameCode],[GPCode],[RegistDay],[DisuseDay],[UsePeriod],[inuse],[Grade],[EventChk],[SelectChk],[BlockChk],[SpecialChk],[ServerName],[Credit],[ECoin],[StartDay],[LastDay],[EditDay],[RNo],[DelChk],[SNo],[Channel],[BNum],[MXServer],[MXChar],[MXType],[MXLevel],[MXExp]) VALUES('username','password','0','0','1/1/1900 12:00:00 AM','1/1/2030 12:00:00 AM','30','0','0','0','0','0','0','0','0','0.00','24/7/2006 12:00:00 AM','24/7/2007 12:00:00 AM','24/7/2006 12:00:00 AM',0,'0','0','0','0','0','0',0,0,0);"
stringx="INSERT INTO "& ucase(left(name,1)) & "GameUser"& " ([userid],[Passwd],[GameCode],[GPCode],[RegistDay],[DisuseDay],[UsePeriod],[inuse],[Grade],[EventChk],[SelectChk],[BlockChk],[SpecialChk],[ServerName],[Credit],[ECoin],[StartDay],[LastDay],[EditDay],[RNo],[DelChk],[SNo],[Channel],[BNum],[MXServer],[MXChar],[MXType],[MXLevel],[MXExp]) VALUES('username','password','0','0',NULL,NULL,'30','0','0','0','0','0','0','0','0','0.00',NULL,NULL,NULL,0,'0','0','0','0','0','0',0,0,0)"
stringx=replace(stringx,"username",name)
stringx=replace(stringx,"password",pass)
conn.execute stringx
response.write "<script>alert('Done ! Welcome To the community !!')</script>"
end if
conn.close
end if
%><body bgcolor="#000000" text="#CCFFCC"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="595">
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com!CCC -->
<tr>
<td width="100%" style="background-repeat: no-repeat; background-position: center 50%; ; background-image:url('top.JPG')" background="top.JPG" height="243"> </td>
</tr>
<tr>
<td width="100%" style="background-repeat: no-repeat; background-position: center 50%; " height="214" background="mid.JPG" align="center" valign="top">
<form method="POST" action="login.asp?reg=true">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber2">
<tr>
<td width="40%"> </td>
<td width="1%"><b>Username:</b><input type="text" name="user" size="20" style="background-color: #808080" value="<%=request.form("user")%>"><p>
<b>Password:</b><input type="password" name="pass" size="21" style="background-color: #808080"></p>
<p align="left">
<input type="submit" value="Register" name="B1" style="font-family: ver; font-size: 8pt; font-weight: bold; background-color: #808080"></p>
</td>
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com! -->
<td width="60%"> </td>
</tr>
</table>
<p> </p>
</form>
</td>
</tr>
<tr>
<td width="100%" height="138" background="bot.JPG" style="background-image: url('bot.JPG'); background-repeat: no-repeat; background-position: center">
<p align="center"><u><b>Designed by:Dynamicfusion@gmail.com</b></u></p>
<p> </p>
<p> </p>
<p> </td>
</tr>
</table>
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com -->
<!-- All credits to quantum fusion. Dynamicfusion@gmail.com -->
-
Re: Important Question
"DRIVER={SQL Server};SERVER=83.85.162.160;UID
that should be your sql.
eg.
"DRIVER={SQL Server};SERVER=HANDSOME\SQLEXPRESS;UID
oso make sure its a \ and not a / cause that caught me out.
-
Re: Important Question
yes i now but i have the login.asp on the internet see first post.
Beceause i can't get my IIS 5.1 not on my wan ip only local works and the works the script also. But i want it to the internet for my clients.
-
Re: Important Question
Honestly, I'd just recommend using PHP instead.
-
Re: Important Question
use SERVER=HANDSOME\SQLEXPRESS or IP SQL "127.0.0.1" don't use IP server !!!
-
Re: Important Question
go to windows firewall and open ports
80
8080
10009
876
thats why the iis doesnt work over wan.
thats what it was for me atleast...
