Simple Ep8 Register and Login
For those who don't know me I am pafa7a (Pavel) from Bulgaria and I usually work over MuOnline server/projects/sites/webshops etc.
I am not new in RZ but I am new in the Cabal community and hope you confirm me :)
I read some threads and I see that many users have a problem with making a Registration and Login in Cabal Ep8 because they use PWDCOMPARE. In this release I wrote very simple login and register modules which you must put in your designs.
In the modules I wrote checks for: empty fake login, already existing username, repeat password, empty fields.
I hope that this will help at minimum one user
Link (without updates) : Attachment 127561
[Update 0.1]
-Added register_stored.php file where I use cabal_tool_registerAccount_web stored procedure
To use it just replace with register.php (delete old)
-Added SQL Inject check for register and login
Link (Update 0.1) : Attachment 127574
Re: Simple Ep8 Register and Login
I checked first php (register.php) and just a free way to sql inject! 2nd thing try to use cabal_tool_registerAccount_web stored procedure!
Re: Simple Ep8 Register and Login
This really simple xd
Re: Simple Ep8 Register and Login
Quote: Originally Posted by AkiSora
I checked first php (register.php) and just a free way to sql inject! 2nd thing try to use cabal_tool_registerAccount_web stored procedure!
I wrote modules to show the way how to register and login using PWDCOMPARE, not how to secure them...
OK, I will make an update where I use cabal_tool_registerAccount_web
Edit : First post updated
Re: Simple Ep8 Register and Login
Oh very beautiful secure.php ^^
-I give some tip for continuing your work!
-Account - SP - cabal_sp_IsValidPassword_by_ID -> For login
-Cookie for use to keep login state
-AlreadyLoggedIn and AlreadyLoggedOut functions -> Cookie gaming ^^
btw. Sadly your first release was not so good, but 2nd is show your skills! Keep on your great work :)
Re: Simple Ep8 Register and Login
It probably should be under Development section :-)
Re: Simple Ep8 Register and Login
Sucks, it screwed up my account.
Re: Simple Ep8 Register and Login
Quote: Originally Posted by allocen
Sucks, it screwed up my account.
Yeah, my pecker got caught in the ceiling fan after using this.
Re: Simple Ep8 Register and Login
OK, tomorrow I will write reg and login with design, cookies, js and I will use cabal_sp_IsValidPassword_by_ID as you wish.
And like AkiSora said : '2nd is show your skills'
be ready :)
Edit : The attached image shows you the design of the login (the box with 'Problem' has a shake animation)
Re: Simple Ep8 Register and Login
Code:
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
    <label>Username : *</label>
    <p>
        <input type="text" name="username" />
    </p>
    <label>Password : *</label>
    <p>
        <input type="password" name="password" />
    </p>
    <label>Email address : *</label>
    <p>
        <input type="email" name="email" />
    </p>
    <label>Secret Question : *</label>
    <p>
        <input type="text" name="question" />
    </p>
    <label>Secret Answer : *</label>
    <p>
        <input type="text" name="answer" />
    </p>
    <input type="hidden" name="ip" />
    <p>
        <input type="submit" value="Register" />
    </p>
</form>
<?php
// PHP_SELF reflects the request path, so it is HTML-escaped in the form action above.
function register() {
    session_start();
    $username = '';
    $password = '';
    $email = '';
    $question = '';
    $answer = '';
    $ip = '';
    $country = '';
    $retval = null;
    // Note the inverted name: $valid becomes TRUE as soon as any field FAILS validation.
    $valid = FALSE;
    if (isset($_POST['username'])) {
        if (empty($_POST['username']) || strlen($_POST['username']) < 6 || strlen($_POST['username']) > 24 || preg_match('/[^a-zA-Z0-9]/', $_POST['username'])) {
            $valid = TRUE;
            echo "ERROR: Username cannot be empty. 6-24 characters long and 0-9 numbers are allowed.<br/>";
        } else {
            $username = $_POST['username'];
        }
    }
    if (isset($_POST['password'])) {
        // The pattern needs /.../ delimiters: without them PHP reads [ and ] as the
        // delimiters and the character-class check never rejects anything.
        if (empty($_POST['password']) || strlen($_POST['password']) < 8 || strlen($_POST['password']) > 24 || preg_match('/[^a-zA-Z0-9]/', $_POST['password'])) {
            $valid = TRUE;
            echo "ERROR: Password cannot be empty. 8-24 characters long and 0-9 numbers are allowed.<br/>";
        } else {
            $password = $_POST['password'];
        }
    }
    if (isset($_POST['email'])) {
        if (empty($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $valid = TRUE;
            echo "ERROR: Email address is not valid.<br/>";
        } else {
            $email = $_POST['email'];
        }
    }
    if (isset($_POST['question'])) {
        // Same delimiter fix as for the password pattern.
        if (empty($_POST['question']) || strlen($_POST['question']) < 6 || strlen($_POST['question']) > 24 || preg_match('/[^a-zA-Z]/', $_POST['question'])) {
            $valid = TRUE;
            echo "ERROR: Secret question cannot be empty. 6-24 characters long are allowed.<br/>";
        } else {
            $question = $_POST['question'];
        }
    }
    if (isset($_POST['answer'])) {
        if (empty($_POST['answer']) || strlen($_POST['answer']) < 6 || strlen($_POST['answer']) > 24 || preg_match('/[^a-zA-Z0]/', $_POST['answer'])) {
            $valid = TRUE;
            echo "ERROR: Secret answer cannot be empty. 6-24 characters long are allowed.<br/>";
        } else {
            $answer = $_POST['answer'];
        }
    }
    // The hidden field only signals a form submit; the address itself comes from the server.
    if (isset($_POST['ip'])) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    if ($valid == TRUE) {
        echo "ERROR: Fillup the form.<br/>";
    } else {
        if ($username != '' && $email != '') {
            try {
                // Connection values as posted; a dedicated low-privilege login is preferable to sa.
                $dbh = new PDO('sqlsrv:server=(local);database=account', 'sa', 'password123');
                $dbh -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                // Bound parameters keep user input out of the SQL text.
                $stmt = $dbh -> prepare('SELECT * FROM [dbo].[cabal_auth_table] WHERE ID = :username OR EMAIL = :email');
                $stmt -> bindParam(':username', $username, PDO::PARAM_STR);
                $stmt -> bindParam(':email', $email, PDO::PARAM_STR);
                $stmt -> execute();
                // fetchColumn() returns FALSE when no row matched, i.e. the name and email are free.
                if ($stmt -> fetchColumn() == 0) {
                    $stmt = $dbh -> prepare('{:retval = CALL [dbo].[cabal_tool_registerAccount_web] (@ID=:username, @password=:password, @email=:email, @question=:question, @answer=:answer, @ip=:ip)}');
                    $stmt -> bindParam(':retval', $retval, PDO::PARAM_INT | PDO::PARAM_INPUT_OUTPUT, 4);
                    $stmt -> bindParam(':username', $username, PDO::PARAM_STR);
                    $stmt -> bindParam(':password', $password, PDO::PARAM_STR);
                    $stmt -> bindParam(':email', $email, PDO::PARAM_STR);
                    $stmt -> bindParam(':question', $question, PDO::PARAM_STR);
                    $stmt -> bindParam(':answer', $answer, PDO::PARAM_STR);
                    $stmt -> bindParam(':ip', $ip, PDO::PARAM_STR);
                    $stmt -> execute();
                    // With ERRMODE_EXCEPTION a failed call throws and is handled in the catch below.
                    if ($stmt == FALSE) {
                        echo "ERROR: Please contact the administrator.<br/>";
                    } else {
                        echo "<h3>Registration Success!.</h3>";
                        echo "Welcome $username.<br/>";
                    }
                    $dbh = null;
                } else {
                    echo "ERROR: Username or Email Address is already exist!.<br/>";
                }
            } catch(PDOException $e) {
                // Keep driver and SQL details in the server log instead of sending them to the visitor.
                error_log($e -> getMessage());
                die("ERROR: Please contact the administrator.<br/>");
            }
        }
    }
}
register();
My registration is based on champ but I use PDO; if you use the latest XAMPP you could use this.
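The login side of this thread (a PWDCOMPARE check with no SQL injection path, plus keeping login state) can follow the same PDO pattern as the registration code above. This is an added example, not code from any post or attachment in the thread: the function names, the `cabal_user` session key, the `web_login` account and the `[Password]` column name are assumptions, and it keeps login state in a PHP session rather than a hand-written cookie.

```php
<?php
// Added example, not from the thread. Assumes cabal_auth_table keeps the
// PWDENCRYPT hash in a column named [Password] (assumption) next to [ID].

function cabal_check_login(PDO $dbh, string $username, string $password): bool
{
    // Same shape rules the registration form enforces, checked before the DB is touched.
    if (!preg_match('/^[a-zA-Z0-9]{6,24}$/D', $username)) {
        return false;
    }
    if ($password === '' || strlen($password) > 24) {
        return false;
    }

    // Both values travel as bound parameters; PWDCOMPARE runs server-side
    // against the stored hash, so user input never becomes part of the SQL text.
    $stmt = $dbh->prepare(
        'SELECT COUNT(*) FROM [dbo].[cabal_auth_table]
          WHERE ID = :username AND PWDCOMPARE(:password, [Password]) = 1'
    );
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->bindValue(':password', $password, PDO::PARAM_STR);
    $stmt->execute();

    return (int) $stmt->fetchColumn() === 1;
}

function cabal_login(PDO $dbh, string $username, string $password): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // must run before any HTML is sent
    }
    if (!cabal_check_login($dbh, $username, $password)) {
        return false; // one generic failure: do not reveal which field was wrong
    }
    // Issue a fresh session id after authentication so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['cabal_user'] = $username;
    return true;
}

// Usage (connection values are placeholders):
// $dbh = new PDO('sqlsrv:server=(local);database=account', 'web_login', 'CHANGE_ME');
// $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// $ok = cabal_login($dbh, $_POST['username'] ?? '', $_POST['password'] ?? '');
```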